Custom Domain SSL set up

147 views
Skip to first unread message

Jimin Park

unread,
Mar 1, 2015, 4:25:26 PM3/1/15
to google-a...@googlegroups.com
I followed all the steps and got to the screen shot attached to this email.

I went to my domain's company control panel and set up the CNAME as well.

However nothing has happened for the past 5 hours. I am not sure if I am supposed to just wait?

Before when I didn't use GAE, I used to configure name servers and work fairly quickly.

This is my first time using GAE with custom domain and setting up SSL so I am quite confused.


Capture.JPG

Adam

unread,
Mar 1, 2015, 6:58:40 PM3/1/15
to google-a...@googlegroups.com
Both https://www.glubey.com and https://glubey.com are working for me (they direct to a site). What's the expected result? 

In the case that it was just propagation related to the CNAME record, you can always use a DNS lookup tool to check (eg. http://network-tools.com/nslook/Default.asp?domain=www.glubey.com&type=255).

Nickolas Daskalou

unread,
Mar 1, 2015, 7:29:00 PM3/1/15
to Google App Engine
It looks like https://www.glubey.com/ is working as expected when accessed from Melbourne, Australia.

You cannot serve naked domains from App Engine using SSL, so https://glubey.com/ will not work directly off App Engine (and in fact there is no IP address resolution for glubey.com).

With naked domains, you currently have two options:

  1. Serve directly from App Engine using HTTP only.

  2. Serve via a proxy like CloudFlare or wwwizer (or roll your own) if you want HTTPS/SSL.

Either option will work, depending on your needs, however you should only use one of either www.glubey.com or glubey.com as your primary address (i.e. have one of them redirect to the other), since it will reduce user confusion and it plays nicer with search engines like Google.

Keep in mind that if you expect a lot of traffic, I advise against using https://glubey.com/ via a proxy as your primary address, since there is a chance that App Engine's infrastructure will detect the mass proxy requests as a potential DDOS or similar attack and cut off access to your app from the proxy servers, and hence from your users.

Nick


--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
 To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/f6697048-8163-4102-8f89-8106b38c45be%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Jimin Park

unread,
Mar 1, 2015, 9:14:42 PM3/1/15
to google-a...@googlegroups.com
I see the sites now guess they propagated.
However I am seeing that NET::ERR_CERT_AUTHORITY_INVALID error.
I am guessing this has to do with not generating my public pem properly?
I got like 4 crt files from my certificate provider.
I am not sure what to do with them.

  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate - www_glubey_com.crt
These are the 4 files I got from them.
Right now, I generated the public pem only with www_glbuey_com.crt file.
Am I supposed to like combine other crt files as well to indicate I got the certs from official trusted party?

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/2LbD19PbZVo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.

To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/CAOj3zuAbqa4cViusfsPYdW3pO8duAGsQYhHgtwkhwe2P9-788Q%40mail.gmail.com.

Jimin Park

unread,
Mar 1, 2015, 9:37:08 PM3/1/15
to google-a...@googlegroups.com
Sorry I see in your guides to set up SSL that I need to include intermediate SSL files.
What do I do this and in what order do I chain those multiple files I have?

Jimin Park

unread,
Mar 1, 2015, 10:08:55 PM3/1/15
to google-a...@googlegroups.com
I just tried concatenating the cert files
in the order

    • Your PositiveSSL Certificate - www_glubey_com.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Root CA Certificate - AddTrustExternalCARoot.crt
      By combining in one single file

      -----BEGIN CERTIFICATE----- 
      (Your Primary SSL certificate: your_domain_name.crt) 
      -----END CERTIFICATE----- 
      -----BEGIN CERTIFICATE----- 
      (Your Intermediate certificate: DigiCertCA.crt) 
      -----END CERTIFICATE----- 
      -----BEGIN CERTIFICATE----- 
      (Your Root certificate: TrustedRoot.crt) 
      -----END CERTIFICATE-----

      in this manner and saved to one crt file.
      Then I converted that crt file to a public pem file.
      Site is still giving me the untrusted warning in the browser.
      Reply all
      Reply to author
      Forward
      0 new messages