This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

GCP SSL related queries

Posted on 06-30-2022 10:45 AM
deshdeepak
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM
I have a few questions:
 
1) What will be the expiry date for Google-managed certificates and self-managed certificates.
 
2) And by saying self-managed certificate, do you mean that I will have to purchase the SSL certificate from third-party vendors such as Godaddy, ZeroSSL, and others and then use those purchased SSL certificates in the Google cloud platform by importing them.
 
3) And is it true that the Google-managed and the self-managed certificates work only when the Load balancer is used in front of the applications. Are there any other services in Google Cloud where I can use the Google managed and Self managed certificates?
Solved Solved
1 4 1,015
Topic Labels
Jump to Solution
2 ACCEPTED SOLUTIONS

Posted on --/--/---- --:-- AM
kolban
Staff
Reply posted on --/--/---- --:-- AM

This appears to be the doc on Google Managed Certificates ...

https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs

According to the doc, "... and Google renews the certificates automatically."   Is this sufficient for the expiry date question?  I sense that Google ensures that the certificates are renewed before they expire.

Google gives you two certificate stories ... one where Google manages your certificates (see above link) and one where you manage the certificates (self managed certificates) ... 

https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs

In the later, you are responsible for obtaining the certificates and then following Google's recipes for installation and use.

It is my understanding that both the self managed and google managed certificates work only in conjunction with Google Cloud's load balancer technologies.  You can (in principle) use other Google Cloud services in conjunction with these certificates ... however, you would front end those services with Google Cloud's Load Balancers.  For many of Google's services, they are SSL protected with certificates owned by Google ... for example if you try and target Cloud Run or Cloud Functions through HTTPS you are using certificates and everything will be secure ... they will just be Google owned certificates.

View solution in original post

Jump to Solution

Posted on --/--/---- --:-- AM
kolban
Staff
In response to deshdeepak
Reply posted on --/--/---- --:-- AM

While Google is a Certificate Authority (see ... https://pki.goog/) ... consumers can't get certificates from Google for their own user (see https://pki.goog/faq/#faq-29)  Instead, the certificates are used/supplied by Google products (eg. Google Managed Certificates).  In your question, the answer is then that you will indeed need to procure SSL certificates from "outside Google" and bring them to Google for usage.   This is the Self Managed Certs story.

View solution in original post

Jump to Solution
4 REPLIES 4

Posted on --/--/---- --:-- AM
kolban
Staff
Reply posted on --/--/---- --:-- AM

This appears to be the doc on Google Managed Certificates ...

https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs

According to the doc, "... and Google renews the certificates automatically."   Is this sufficient for the expiry date question?  I sense that Google ensures that the certificates are renewed before they expire.

Google gives you two certificate stories ... one where Google manages your certificates (see above link) and one where you manage the certificates (self managed certificates) ... 

https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs

In the later, you are responsible for obtaining the certificates and then following Google's recipes for installation and use.

It is my understanding that both the self managed and google managed certificates work only in conjunction with Google Cloud's load balancer technologies.  You can (in principle) use other Google Cloud services in conjunction with these certificates ... however, you would front end those services with Google Cloud's Load Balancers.  For many of Google's services, they are SSL protected with certificates owned by Google ... for example if you try and target Cloud Run or Cloud Functions through HTTPS you are using certificates and everything will be secure ... they will just be Google owned certificates.

Jump to Solution

Posted on --/--/---- --:-- AM
deshdeepak
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Does a self-managed certificate mean that I will have to purchase the SSL certificate from third-party vendors such as Godaddy, ZeroSSL, and others and then use those purchased SSL certificates in the Google cloud platform by importing them?

Or there are any SSL certificates provided by Google only that I can purchase and use.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
kolban
Staff
In response to deshdeepak
Reply posted on --/--/---- --:-- AM

While Google is a Certificate Authority (see ... https://pki.goog/) ... consumers can't get certificates from Google for their own user (see https://pki.goog/faq/#faq-29)  Instead, the certificates are used/supplied by Google products (eg. Google Managed Certificates).  In your question, the answer is then that you will indeed need to procure SSL certificates from "outside Google" and bring them to Google for usage.   This is the Self Managed Certs story.

Jump to Solution

Posted on --/--/---- --:-- AM
deshdeepak
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thankyou for the prompt support.

Jump to Solution
Top Labels in this Space
Top Solution Authors
View all