2

I bought an SSL certificate from godaddy.com. My website is hosted on Google Cloud Portal (GCP). I generated the private rsa key using the methods provided on the GCP support website.

First I generated a rsa key and a CSR using the below commands

openssl genrsa -out example.key 2048
openssl req -new -key example.key -out example.csr

Then I copied the csr text to godaddy and generated a certificate. From the merchant site, I downloaded the certificate. Before downloading the certificate, there was an option to select 'Server Type'. Following options were present:

  • Apache
  • Exchange
  • IIS
  • Mac OS X
  • Tomcat
  • Other

I selected "Other" and clicked 'Download'. A zip file was downloaded that had two files:

  • ce123abc4567wxyz.crt
  • gd_bundle-g2-g1.crt

To install the certificate, I went to GCP App Engine > Settings > SSL Certificate > Upload a new Certificate. Here, I have to copy the certificate and the key. There are two text boxes

  1. PEM encoded X.509 public key certificate
  2. Unencrypted PEM encoded RSA private key

I copied the RSA private key from step-1, into the 2nd text box. Now the problem is that the 1st text box (where i have to enter the public key) is not accepting any of ther files present in the certificate zip folder that I downloaded from the merchant site. I get the error

The Certificate data is invalid. Please ensure that the private key and public certificate match

I tried copying either of the files to the 1st text box. I also copied both the file texts into the box. But nothing is working. Please help.

Rahul Singh
  • 195
  • 2
  • 10
  • Have you checked this [page](https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl#converting_private_keys_and_concatenating_ssl_certificates). Could it be that your certificates still need to be converted/concatenated? – A.Queue Jun 20 '18 at 13:02
  • It is resolved? – 151291 Oct 23 '20 at 07:58
  • This was resolved. There were a lot of hit-and-trial that eventually resolved the issue – Rahul Singh Oct 24 '20 at 11:18
  • @RahulSingh Hi Rahul facing same issue . How you have resolved this issue. – Vipin Singh May 26 '21 at 06:19
  • @VipinSingh yes, this was resolved. The certificates didn't work so I eventually regenerated the certificates. I copied only the 'public key' part of the certificate file. And made sure no spaces, no extra lines are copied. – Rahul Singh May 27 '21 at 07:32

2 Answers2

1

A .crt file is probably not in .PEM format, and if not you need to convert it. See, for example, How to convert .crt to .pem

Matt Wilbert
  • 336
  • 1
  • 8
0

This was resolved. The certificates didn't work so I eventually regenerated the certificates. I copied only the 'public key' part of the certificate file. And made sure no spaces, no extra lines are copied.

Rahul Singh
  • 195
  • 2
  • 10