Install an SSL/TLS Certificate in Google App Engine

Time needed: 30 minutes

This tutorial will show you how to install an SSL/TLS certificate from SSL.com in Google App Engine.

1. Download certificate from SSL.com.

   Locate your certificate order in your SSL.com account and download the certificate in Nginx format. The filename will end with .chained.crt.
   

2. Convert private key format (if necessary).

   The private key you upload to App Engine must be an RSA key in PKCS#1 PEM format. Check the first line of private key file in a text editor. If the file begins with -----BEGIN RSA PRIVATE KEY-----, you’re ready to go. If you generated your private key and CSR with SSL.com’s CSR Manager, or you see that the first line of the file is -----BEGIN PRIVATE KEY----- (with no RSA), the key will need to be converted from PKCS#8 to PKCS#1. This is easy to do with an OpenSSL command like the following (replace EXAMPLE.key and EXAMPLE-RSA.key with your real filenames):
   
   openssl rsa -in EXAMPLES.key -out EXAMPLE-RSA.key

3. Navigate to project.

   Navigate to your project in Google Cloud Platform.
   

4. Navigate to App Engine settings.

   Choose App Engine > Settings from the menu at the top left of the screen.
   

5. Open SSL certificates settings.

   Click the SSL certificates tab.
   

6. Open certificate upload form.

   Click the Upload a new certificate button.
   

7. Upload certificate and private key.

   Give your certificate a name, upload or paste in your chained certificate and private key, and click the Upload button.
   

8. Select domains.

   Select the domains you want to use the certificate with, then click the Save button.
   

9. Done!

   Your certificate and key have been uploaded and mapped to your domain names in App Engine.