Google App Engine O certificado SSL fornecido não pôde ser inserido. xn-domain

1

Eu tento instalar o Comodo Certificate que solicitei no SSLs.com no domínio personalizado do Google App Engine. Mas eu tenho erro:

The SSL certificate provided could not be inserted.

Eu verifiquei que minha chave é de 2048 bits:

# openssl rsa -in myserver2.key.pem -text -noout
Private-Key: (2048 bit)

E garantimos que meu certificado fosse anexado ao pacote:

cat xn--80aaxfchnde0hb.com.crt xn--80aaxfchnde0hb.com.ca-bundle > concat.crt

Além disso, verifiquei o md5 e o arquivo CA:

# openssl verify -verbose -CAfile concat.crt concat.crt 
concat.crt: OK

# openssl x509 -noout -modulus -in concat.crt |openssl md5
(stdin)= f83d...c3d

# openssl rsa -noout -modulus -in myserver2.key.pem | openssl md5
(stdin)= f83d...c3d

Também tentei converter o certificado no PEM

openssl x509 -inform PEM -in concat.crt > concat.pem

Eu quero obter um certificado para xn-domain.

    
por Aleksey Popryadukhin 01.05.2016 / 07:11

1 resposta

2

Suporte do Google App Engine para certificados SSL, citação de artigo

App Engine supports the following certificate types:

  • Single Domain/Hostname
  • Self-signed
  • Wildcard
  • Subject Alternative Name (SAN) / Multi Domain

It requires some things of your certificates and keys:

  • Private Key and Certificate should be uploaded in PEM format.
  • Private Keys must not be encrypted.
  • A certificate file can contain at most five certificates; this number includes chained and intermediate certificates.
  • All subject names on the host certificate should match or be subdomains of the user's verified domains.
  • Private keys must use RSA encryption.
  • Maximum allowed key modulus: 2048 bits

If the host certificate requires an intermediate or chained certificate (as many Certificate Authorities (CAs) issue), you will need to append the intermediate or chained certificates to the end of the public certificate file.

Some App Engine features use special subdomains. For example, an application can use subdomains to address application services, or to address different versions of your application. To use these with SSL, it makes sense to set up a SAN or wildcard certificate. Wildcard certificates only support one level of subdomain.

Para saber como obter um certificado, visite este artigo .

    
por 17.12.2016 / 01:41