
From my Google Cloud Function, I try to request another API which requires a dummy certificate in the test environment. So my server is the client here. Is there a way to send the client certificate in Google Cloud Functions? I've managed to make it work in Postman by uploading the certificate in the certificates tab in settings, but in Google Cloud Functions I get:

Bad Certificate

If it's not possible, how could I proceed? Would changing to Amazon solve the problem, or using GAE? Or is it possible to inline the certificate in an environment variable? Should I change from Axios then to make it possible to read? I've tried that solution but get the error:

routines:PEM_read_bio:no start line at Object.createSecureContext
Nicholas
Mike
  • Hi @Mike, can you accept Grayside's response? It will make it more visible and help someone with the same issue as you find the solution. Thanks! – Pawel Czuczwara Jul 17 '19 at 08:36

1 Answer


I understand from the question that your Cloud Function should be able to make HTTPS requests of another service using a custom certificate.

Your goal is to make the certificate available to your Cloud Function code as an authentication secret. Using a certificate in this way is discussed a little here: https://stackoverflow.com/a/53585725

You have several options for getting the certificate files into the Cloud Function:

  1. Upload on Deploy: You can include the certificate in the files for your GCF deployment by including them in your code directory. Note you may want to use something like Cloud KMS to encrypt before deploy, then decrypt and hold in memory for use.
  2. Upload to GCS: In this approach, you upload your certificate files to a Cloud Storage bucket, then load the file when your function instance starts up.
  3. Load into Environment Variable: If the size of your certificate data can fit into a variable, this is a good option, but has even more security risk. Definitely encrypt in this case.

Option 2 has the basis for the most secure practice, and is facilitated by the tool https://github.com/GoogleCloudPlatform/berglas.

Grayside
  • This is correct, the problem I was facing was that something was wrong with the environment variable format. The only solution was to base64 encode it and then decode it. However, it is possible and the other two suggestions might be useful when the PoC is finished, if we decide to move. As I wrote in the question, this is only for testing purposes so the environment variable was the solution I was looking for right now. – Mike Jul 17 '19 at 09:32
  • @Mike Hello Mike, I just wanted to ask, once you have the certificate as an environment variable, how do you make the actual HTTPS call? I mean, is there a way to programmatically use a Java class to which you pass this certificate so that it is used? I am using retrofit2 to try to do the same. – carlos palma Sep 08 '22 at 14:01
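
The base64 round trip described in the comments, sketched in Node.js as an added example that is not code from the thread: the environment variable names are hypothetical and the sample values are constructed, not a real certificate or key. Checking the PEM framing after decoding turns a mangled value into a clear error instead of `PEM_read_bio:no start line`.

```javascript
// Added example (not from the thread). Env var names are hypothetical.
// A PEM block: BEGIN line, base64 body on its own lines, matching END line.
const PEM_RE =
  /^-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+-----END \1-----\s*$/;

// Decode a base64-wrapped PEM from the environment and check its framing
// before it reaches TLS, so a mangled value fails with a clear message.
function pemFromEnv(name, env = process.env) {
  const raw = env[name];
  if (!raw) throw new Error(`${name} is not set`);
  const pem = Buffer.from(raw, 'base64').toString('utf8');
  if (!PEM_RE.test(pem)) {
    // Never put the value itself in the error: it may be a private key.
    throw new Error(`${name} does not decode to a PEM block`);
  }
  return pem;
}

// Build an agent that presents the client certificate during the handshake.
// https is loaded lazily so this works from CommonJS and ES modules alike.
async function clientCertAgent(env = process.env) {
  const { Agent } = await import('node:https');
  return new Agent({
    cert: pemFromEnv('CLIENT_CERT_B64', env),
    key: pemFromEnv('CLIENT_KEY_B64', env),
  });
}

// Constructed sample values (not a real certificate or key).
const samplePem = (label) =>
  `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----\n`;
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');
const sampleEnv = {
  CLIENT_CERT_B64: b64(samplePem('CERTIFICATE')),
  CLIENT_KEY_B64: b64(samplePem('PRIVATE KEY')),
  // A raw PEM whose newlines became spaces: one way the value gets mangled.
  FLATTENED: samplePem('CERTIFICATE').replace(/\n/g, ' '),
};
```

With Axios, the resulting agent goes in the request config as `httpsAgent`. The key in an environment variable is readable by anyone who can view the function's configuration, which is the risk the answer points out for option 3.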