1

How do I create an Organization Validated (OV) or Extended Validated (EV) SSL certificates on Google Cloud Platform then automate it for the following activities:

  • Auto-rotate the certificate
  • Get a notification before the certificate expires
Roro
  • 97
  • 3
  • 13
  • List of prices here: https://stackoverflow.com/questions/252226/signing-a-windows-exe-file – Gabriel Jan 22 '22 at 09:24
  • @ServerOverflow - Code Signing certificates are not the same as OV/EV SSL certificates. Your link does not apply to the question. – John Hanley Jan 22 '22 at 19:25
  • @ServerOverflow - The Internet does not disagree with me. Certificates have a purpose. Code signing certificates cannot be used for SSL/TLS or the reverse unless you purchase one with both abilities and none of the vendors sell one that can be used for SSL and Code Signing with the same certificate. You do not understand the low-level details of certificates. – John Hanley Jan 24 '22 at 01:41
  • @ServerOverflow - No they are not using the wrong terminology. I recommend posting a new question if you are confused about how Code Signing and SSL Certificates are created, installed, and deployed. The technology is the same, the validation methods are similar but the contents are different. – John Hanley Jan 24 '22 at 18:31

1 Answers1

2

How do I create an Organization Validated (OV) or Extended Validated (EV) SSL certificates on Google Cloud Platform

Google Cloud does not sell OV or EV certificates. If you require a validated certificate, you must purchase one from a certificate authority such as Comodo. You are then responsible for installing, rotating, renewing, monitoring, etc.

Google Cloud does provide managed SSL certificates. These certificates are Domain Validated (DV) only. These certificates are managed but Google and are automatically renewed. SSL expiration reporting is still your responsibility.

Self-managed and Google-managed SSL certificates

Auto-rotate the certificate?

Google Cloud does not provide tools to auto-rotate self-installed SSL certificates. Some certificate authorities provide management tools. Factor that into your vendor selection.

Get a notification before the certificate expires?

Google Cloud does not offer an SSL certificate monitoring service. There are a number of third parties that do. Writing your own SSL monitor is also easy to do.

12 Tools to Monitor SSL Certificate Expiry from Cloud and Scripts

John Hanley
  • 74,467
  • 6
  • 95
  • 159
  • Then is the GCP Certificate Authority Service a DV certificate? – Roro Dec 14 '21 at 09:53
  • @Roro - I am not sure what you are asking. A Certificate Authority can issue any type of certificate they want. Google only performs Domain Validation for certificates issued under Google Managed Certificates. – John Hanley Dec 14 '21 at 10:16
  • here is link to the service that I am referring to: https://cloud.google.com/certificate-authority-service – Roro Dec 14 '21 at 10:57
  • 1
    @Roro - I recommend that you create a new question. A **private** certificate authority is not related to your question about OV/EV certificates. You cannot issue your own validated certificates. You can issue private certificates for internal use. – John Hanley Dec 14 '21 at 16:59