How to install SSL certificate in Google App Engine in 3 simple steps

During the development for our SaaS applications (metadrive.app & drivewatcher.app) we spend a lot of hours every year to install and renew the SSL certificates in Google App Engine.

After several tries and spending hours looking information and documentation, we decided to create a simple and small guide to explain the operations to do to install a SSL certificate in a Google App Engine application.

I hope this helps 🙂

1. GENERATE or FIND THE RSA PRIVATE KEY

Check if you have already a *.key file. It should look like this one:

If you don’t have it, no worries, you can create it easily

Download and install this software  https://slproweb.com/products/Win32OpenSSL.html

Run this command line, replace [FILENAME] by the name of the destination file that is going to be generated.

openssl genrsa -out [FILENAME].key 2048

NOTE 1:  If you have problems with the running the openssl

    • Update your windows path
    • And check this article https://stackoverflow.com/questions/4106035/openssl-error-0x02001005-and-0x2006d002-on-windows

NOTE 2: You can also try with 64 version. OpenSSL-Win64 is working fine for me.  

2. GENERATE or FIND CSR REQUEST

Check if you have already a *.csr file. It should look like this one:

If you don’t have it, you can generate it using the RSA PRIVATE KEY

openssl req -new -sha256 -key [FILENAME].key -out [FILENAME].csr

System will ask you for some parameters, but the most important one:

Common Name (e.g. server FQDN or YOUR name) []:

NOTE: Provide the web address application without http://

If you use Mac OS

    • openssl
    • genrsa -out [DOMAIN_NAME].key 2048
    • Common Name (e.g. server FQDN or YOUR name) []: [DOMAIN_NAME]
    • req -new -sha256 -key [DOMAIN_NAME].key -out [DOMAIN_NAME].csr
    • Upload the CSR to your domain provider and wait the confirmation

3. Send CSR to SSL provider to generate SSL Certificate

Next step you need to upload the content of the CSR document generated to your SSL provider. In Godaddy looks like:

Once the CSR is sent to GoDaddy it takes some minutes. You will receive and email from your SSL provider once the SSL is ready.

Final step, upload the Certificate received by the SSL provider and the RSA PRIVATE KEY