GCP storage server certificate verification

daluu · 11-20-2023 09:26 AM

I think for AWS, this relates to

https://www.amazontrust.com/repository/

https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/

what's the equivalent for verifying certificates used on GCP storage URLs, e.g.

https://storage.googleapis.com/storage_path_name

in cases where the client machine is not trusting the Google server hostname in the giving storage URL. I couldn't find anything online about this so far.

christianpaula

Hi @daluu,

Welcome to Google Cloud Community!

Google Cloud doesn't provide a centralized repository like the one you mentioned for AWS. Instead, it relies on standard certificate authorities. If there are specific concerns or issues, reaching out to Google Cloud Support can also be helpful for assistance tailored to your specific situation.

daluu

Thanks for the response.

So in terms of why the client device is having certification validation problems (why the certificate isn't on the device or why the certificate authority contacted isn't trusted on the device, and what certificate is being validated), I guess I would need to investigate further to get details on the certificate being validated, and what certificate authority is being contacted?

That's unfortunately a bit more work for the user.

In regards to standard certificate authorities, can you provide some more details, which certificate authorities are used/involved or is it just generally "all of them"? Just would like a quick way to verify if the certificate authorities are in the trust list of the device for example.