GCP Https Load Balancer SSL Certificate

2
votes

I am trying to create a Https load balancer using yaml and Jinja files on GCP deployment manager. But I am not sure how to provide SSL certificate. In the "sslCertificates" of "compute.v1.targetHttpsProxy", it expects the value to be URL to sslCertificates. How do i create an URL for the SSL certificate. Earlier, I was trying to provide the certificate itself in the field but I get an error saying "The URL is malformed".

Please help if anyone knows how to solve this.

1
httpsgoogle-cloud-platformssl-certificateload-balancing
I suspect that answer to this question is the same as the format needed for the API call for setSSLCertificates. Unfortunately I haven't been able to find that information. I'm asking a separate question about that.Matt Wilbert
Someone pointed me to the correct answer someplace else, which is that the URL you need for the API, and presumably for Google Deployment Manager, is the one pointed to by "selfLink" in when listing sslCertificates in GCP. It looks like: [https]://www.googleapis.com/compute/v1/projects/<projectid>/global/sslCertificates/<certname>"Matt Wilbert

1 Answers

0
votes

You have to use gcloud to upload the certificate to Google Cloud, like this:

gcloud compute ssl-certificates create [SSL_CERTIFICATE] \ 
--certificate [CRT_FILE_PATH] --private-key [KEY_FILE_PATH]

You need the certificate to be PEM encoded. After this you can attach [SSL_CERTIFICATE] to your load balancer. Do this for each of the certificates you want to attach to it.

The documentation for this is here.

Edit:

To add to this incomplete answer, in case you in ever have a doubt of what API call to make while within Google Cloud just run the equivalent gcloud command with the flag --log-http and review carefully the results. The gcloud SDK is making the API calls you need and this flag will output all that happens and what endpoints and in which format you need to call to reproduce that.