Creating and Installing comodo SSL certificate in AppEngine custom domain

In  this post I will explain how to create new RSA key using openssl to request SSL certificates from comodo and installing the certificates in Google AppEngine.

Generate .csr and private key.

Open command prompt in windows and run the following command.

c:\temp\openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr

You have to provide your company registered name, address, and FQDN you can provide your website domain address. ex: www.example.com

You should see two files generated after you successfully complete above steps.

1. server.csr (you will use this file to submit SSL certificate request with comodo)
2. server.key (this is your private key and keep it safe and do not share with anyone)

Request your free SSL certificate (90 days) by going to below url
https://secure.instantssl.com/products/SSLIdASignup1a

copy and paste your server.csr into the box 1

Select other in the server software used to generate the CSR dropdown

Finish the rest of the registration process. You will receive CSR's hashes to your registered email. If you have registered email account with your domain name ex: admin@example.com then you can complete your domain validation process using your email. 

if you are completing your domain validation through CSR hash, then you have to login to domain and update DNS settings and add a CNAME record and use the CSR's hashes received to your registered email.

EX:
_MD5HASH.example.com       CNAME     SHA256.comodoca.com

Note: if you are running into invalid CNAME key, just chat with comodo specialist and they will provide you exact keys to enter in CNAME record. You can read my other post "enable naked domain" to learn about adding CNAME record.

In few minutes, DNS propagation will happen and you will receive your SSL certificates to your registered email. You will 4 files in the zip attachment.

Configuration of SSL Certificates for Custom domains in the Google app Engine

Login to https://console.cloud.google.com

Select App Engine -> Settings as shown below

Under Settings go to SSL Certificates tab

Click on upload a new certificate

In "PEM encoded X.509 public key certificate" first upload box, select the ww-example.com.crt file you received from comodo.

Now select the private key you generated in the first step c:\temp\server.key for "Unencrypted PEM encoded RSA private key"

If you are getting error message while uploading server.key like below

The private key you've selected does not appear to be valid.

You have to convert your private to RSA private key. Run the following command and it will generate server_rsa.key 

c:\temp\openssl rsa -in server.key -out server_rsa.key


You can use the new generated server_rsa.key and it will finish your SSL certificate installation.