Trouble with Google Apps Custom Domain SSL

Question

I'm currently inside the 30-day free trial for Google Apps for business (billing set up, so will start non-free trial soon). I'm attempting to set up SSL for a custom domain for a Google App Engine app, but am a bit of a noob at this stuff and the files I've accumulated aren't accepted by the Apps submission form.

I went through the following process:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

After filling in the cert. request information (with name www.mydomain.com), I had the two files CSR.csr and privateKey.key.

I used an SSL provider CheapSSLs.com to provide me with a certificate off this CSR.csr, and they've responded with a cert www_mydomain_com.crt.

However, on going through Google Apps Dashboard -> Security -> SSL for Custom Domains and uploading www_mydomain_com.crt and privateKey.key I'm given the error:

Both the private key and SSL certificate should be in unencrypted PEM format.

Any help? As far as I can tell, they are in that format: the private Key looks like:

-----BEGIN PRIVATE KEY-----
MIIEv...
...
...CftTU=
-----END PRIVATE KEY-----

and the .crt file looks like:

-----BEGIN CERTIFICATE----- 
MIIFy...
...
...WJjk= 
-----END CERTIFICATE-----

score 63 · Accepted Answer · edited Aug 10 '17 at 16:06

63

This was answered by a friendly member of the community and then immediately deleted (not sure why...) but not before I spotted his answer and used it, to great effect :)

openssl rsa -in privateKey.key -text > private.pem
openssl x509 -inform PEM -in www_mydomain_com.crt > public.pem

The above two commands produce private.pem and public.pem, which are accepted fine by Google Apps dashboard.

Thank you!

edited Aug 10 '17 at 16:06

Cœur

37,241
25
195
267

answered Jul 10 '13 at 12:37

unwitting

3,346
2
19
20

Update: you need to use @Christian's way for the private key to work – Dang Hai Luong Jan 15 '19 at 11:39

score 23 · Answer 2 · answered Jan 18 '16 at 15:09

23

For me, it was because my private.key was in the wrong format.

If your key starts with ---BEGIN PRIVATE KEY--- then you need to convert it to an RSA key.

openssl rsa -in private.key -out private_rsa.key

Then you should see ---BEGIN RSA PRIVATE KEY--- at the beginning of the private_rsa.key which you use with GAE.

answered Jan 18 '16 at 15:09

Christian

3,708
3
39
60

1

That fixed it for me after trying the others. Thanks – Dan Cramer Mar 26 '19 at 17:57

score 0 · Answer 3 · answered Apr 23 '21 at 18:24

0

Generate a new 2048-bit RSA key:

openssl genrsa -out myServer.key 2048

Convert an existing key to RSA:

openssl rsa -in myServer.key -out myServer-rsa.key

answered Apr 23 '21 at 18:24

John Heyer

711
1
6
18

Trouble with Google Apps Custom Domain SSL

3 Answers3

Linked

Related