HTTPS with wildcards subdomains on custom domains

99 views
Skip to first unread message

Andrin von Rechenberg

unread,
Nov 21, 2011, 8:37:54 AM11/21/11
to google-a...@googlegroups.com
Hey there

I have setup wild card subdomains for my custom domain on appengine:


so my app is happily serving traffic from any subdomain without additional configuration:

If I sign up for a premier account, can I have one https certificate for all these subdomain now and serve https traffic on any subdomain?

Cheers,
-Andrin

Andrin von Rechenberg

unread,
Nov 21, 2011, 8:42:50 AM11/21/11
to google-a...@googlegroups.com
Guess I found the answer in the SSL announcement mail:

We will be offering two types of SSL service, Server Name Indication
(SNI) and Virtual IP(VIP). SNI will be significantly less expensive
than VIP when this service is fully launched, however unlike VIP it
does not work everywhere SSL is supported, notably it is not supported
by IE and Safari on Windows XP. Multiple certificates are supported by
SNI, while the VIP service only supports a single certificate per
virtual IP address. Wildcard certificates and certificates with
alternate names are supported by both SNI and VIP.

So it will work, right?

-Andrin

Andrin von Rechenberg

unread,
Nov 21, 2011, 8:45:34 AM11/21/11
to google-a...@googlegroups.com
oh, and one last question:

will you also start supporting https://subdomain.app-id.appspot.com ?
Currently this is an invalid certificate because of the subdomain.

-Andrin

Cayden Meyer

unread,
Nov 21, 2011, 11:11:31 PM11/21/11
to Google App Engine
Hi Andrin,
SSL for Custom Domains does support wildcard certificates and can be
used with wildcard DNS. This can be done using both SNI and VIP.
Currently SSL for Custom Domains is in a trusted tester phase and is
not related to premier accounts. If you wish to test SSL you can sign
up for our trusted tester program.
At the current point in time we do not support for subdomain.app-
id.appspot.com. This is due to browsers not respecting *.*.appspot.com
in certificates.
Cayden MeyerApp Engine Product Manager

On Nov 22, 12:45 am, Andrin von Rechenberg <andri...@gmail.com> wrote:
> oh, and one last question:
>
> will you also start supportinghttps://subdomain.app-id.appspot.com?
> Currently this is an invalid certificate because of the subdomain.
>
> -Andrin
>
> On Mon, Nov 21, 2011 at 2:42 PM, Andrin von Rechenberg
> <andri...@gmail.com>wrote:

>
>
>
>
>
>
>
> > Guess I found the answer in the SSL announcement mail:
>
> > *We will be offering two types of SSL service, Server Name Indication

> > (SNI) and Virtual IP(VIP). SNI will be significantly less expensive
> > than VIP when this service is fully launched, however unlike VIP it
> > does not work everywhere SSL is supported, notably it is not supported
> > by IE and Safari on Windows XP. Multiple certificates are supported by
> > SNI, while the VIP service only supports a single certificate per
> > virtual IP address. Wildcard certificates and certificates with
> > alternate names are supported by both SNI and VIP.*
> > *
> > *

> > So it will work, right?
>
> > -Andrin
>
> > On Mon, Nov 21, 2011 at 2:37 PM, Andrin von Rechenberg <andri...@gmail.com

> > > wrote:
>
> >> Hey there
>
> >> I have setup wild card subdomains for my custom domain on appengine:
>
> >> *.customdomain.com points to 216.239.32.21<https://dns.godaddy.com/ZoneFile.aspx?zone=FRESHAPPSHOW.COM&zoneType=...>
> >> , 216.239.34.21<https://dns.godaddy.com/ZoneFile.aspx?zone=FRESHAPPSHOW.COM&zoneType=...>
> >> , 216.239.36.21<https://dns.godaddy.com/ZoneFile.aspx?zone=FRESHAPPSHOW.COM&zoneType=...>
> >> , 216.239.38.21<https://dns.godaddy.com/ZoneFile.aspx?zone=FRESHAPPSHOW.COM&zoneType=...>

John

unread,
Dec 8, 2011, 4:47:37 PM12/8/11
to google-a...@googlegroups.com
I tried to submit a request to test the SSL for custom domains a few weeks ago, but I haven't heard anything. I have a beta release in about a month and it would be nice to deploy the app that requires SSL on the owned domain using Appengine.

Thomas Schranz

unread,
Dec 9, 2011, 5:59:49 AM12/9/11
to Google App Engine
same here. we're currently paying for a proxy service for https://www.blossom.io
which works but we'd rather join the testgroup :)
is there a way to get on the fast track?

cheers!

jon

unread,
Dec 10, 2011, 11:59:02 PM12/10/11
to Google App Engine
Yep we'd like to join the group too

On Dec 9, 9:59 pm, Thomas Schranz <t...@blossom.io> wrote:
> same here. we're currently paying for a proxy service forhttps://www.blossom.io

Reply all
Reply to author
Forward
0 new messages