Unable to see SSL certificates in the console
64 views
Skip to first unread message
Attila-Mihaly Balazs
Jan 17, 2017, 9:15:46 AM1/17/17
to Google App Engine
We have two users, both are "owner"s of the project. One of the accounts sees "No certificates have been uploaded." in the appengine certificates console page [1] while the others sees them. Any ideas what the issue is here? One difference might be that the user which sees the certificates is also the "owner" of the Google Apps account for our company (and under which these projects exists).
Attila
[1] https://console.cloud.google.com/appengine/settings/certificates
Attila
[1] https://console.cloud.google.com/appengine/settings/certificates
Anastasios Hatzis
Jan 17, 2017, 10:17:39 AM1/17/17
to Google App Engine
Attila,
if I remember correctly, only the user who uploaded the certificate to Cloud Console can actually see the certificate. At least it was this way in earlier versions of Cloud Console.
Anastasios
Alex (Cloud Platform Support)
Jan 18, 2017, 3:45:01 PM1/18/17
to Google App Engine
Hi Attila,
You may need to add the second user as an owner for your domain in order to allow him seeing the SSL certificates in the console. It is possible to do it via the webmaster tool using the same account that was used to verify the domain.
Let us know if that works for you.
Attila-Mihaly Balazs
Feb 7, 2017, 8:34:10 AM2/7/17
to Google App Engine
Hi Anastasios / Alex,
- Anastasios - that has been the case (ie. only the uploading user being able to see the certificate) until recently, which is annoying and not documented anywhere. However recently it seems that not even the original user is able to see it (!!!).
- Alex - we checked with both users and with neither of them could we see any domains in the search console. Additionally, the users which verified the domains and the one which uploaded the certificate are different. Ie. user A verified the domains, user B uploaded the certificate. Both user A and user B can see the custom domains, however now neither can see the SSL certificate (although accessing the domain trough HTTPS works as expected).
Please clarify how both users can get access to the SSL settings (not to download the certificate, but to be able to set the (sub)domains on which the certificates are active for example).
Attila
- Anastasios - that has been the case (ie. only the uploading user being able to see the certificate) until recently, which is annoying and not documented anywhere. However recently it seems that not even the original user is able to see it (!!!).
- Alex - we checked with both users and with neither of them could we see any domains in the search console. Additionally, the users which verified the domains and the one which uploaded the certificate are different. Ie. user A verified the domains, user B uploaded the certificate. Both user A and user B can see the custom domains, however now neither can see the SSL certificate (although accessing the domain trough HTTPS works as expected).
Please clarify how both users can get access to the SSL settings (not to download the certificate, but to be able to set the (sub)domains on which the certificates are active for example).
Attila
Attila-Mihaly Balazs
Mar 24, 2017, 11:01:44 AM3/24/17
to Google App Engine
Just to follow up on this problem: I was able to solve it and I see that others have also come up with the same solution (https://groups.google.com/forum/?pli=1#!topic/google-appengine/_ERKSOmCOyQ).
What I did first was to try to re-upload the certificate. However it wasn't letting me saying "you must first verify the ownership of the domain(s)". I was confused since this is a wildcard cert (ie. "*.example.com") but on a whim I verified the root domain ("example.com") at which point the original certificate appeared in the interface for both me and the owner of the project.
So all is good it seems, but the workflow is a mess. Just an example: I added a new subdomain (ie "foo.example.com") after verifying the root domain ("example.com") and I had to verify the subdomain separately! I what world is it possible for someone to have control of the root DNS but not have control of the subdomain DNS ?!
Attila
What I did first was to try to re-upload the certificate. However it wasn't letting me saying "you must first verify the ownership of the domain(s)". I was confused since this is a wildcard cert (ie. "*.example.com") but on a whim I verified the root domain ("example.com") at which point the original certificate appeared in the interface for both me and the owner of the project.
So all is good it seems, but the workflow is a mess. Just an example: I added a new subdomain (ie "foo.example.com") after verifying the root domain ("example.com") and I had to verify the subdomain separately! I what world is it possible for someone to have control of the root DNS but not have control of the subdomain DNS ?!
Attila
Reply all
Reply to author
Forward
0 new messages