1
votes

I have a question about the Google Cloud Platform load balancer.

I can register an SSL certificate separately in the front-end settings. Now I want to set up a second SSL so that the same website can log in with HTTPS from the two domains.

About 15 minutes after registration, the second SSL certificate was also valid, and even if you accessed with a new domain name, you could access HTTPS.

However, after a while, the second SSL setting automatically disappears from the GCP load balancer setting, and even if you access the domain of the HTTPS certificate, the error "NET::ERR_CERT_COMMON_NAME_INVALID" is displayed on the screen.

How can I set up a second SSL certificate to work?

2 Answers

1
votes

The HTTPS load balancer uses Server Name Indication (SNI) to determine which certificate to present to the client, based on the domain name in the TLS handshake. The load balancer selects a certificate whose common name (CN) or subject alternative name (SAN) matches the SNI hostname specified by the client.

If the client does not use SNI, or if the client uses a domain name that does not match the Common Name (CN) in one of the certificates, the load balancer negotiates SSL using the first certificate (primary) listed in the frontend configuration, and fallback occurs.

If the client uses SNI to provide a hostname during the TLS (SSL) handshake, the load balancer uses the certificate associated with that hostname.

Here is an example of how multiple SSL certificates work with HTTPS load balancing.

0
votes

In this case, simply sign off a certificate matching both domains, with the same IP.
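
Added example (not part of either answer and not Google's implementation): a simplified Python model of the SNI selection and primary-certificate fallback described in the first answer, with the single two-domain certificate from the second answer for comparison. It shows why a second certificate that has dropped off the frontend produces the name-mismatch error from the question. Certificate labels and domains are constructed sample values.

```python
# Simplified model of SNI-based certificate selection with fallback to the primary.
# Assumption: first matching certificate wins; all names below are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cert:
    name: str          # hypothetical label of the certificate resource
    dns_names: tuple   # CN plus SAN entries


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname (left-most wildcard only)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # "*" covers exactly one label: *.example.com matches a.example.com only.
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def covers(cert: Cert, host: str) -> bool:
    return any(name_matches(p, host) for p in cert.dns_names)


def select_cert(certs: list, sni: Optional[str]) -> Cert:
    """Pick the certificate for a handshake; certs[0] is the primary (fallback)."""
    if sni:
        for cert in certs:
            if covers(cert, sni):
                return cert
    return certs[0]


def client_result(certs: list, host: str, send_sni: bool = True) -> str:
    """What a browser concludes after validating the presented certificate."""
    presented = select_cert(certs, host if send_sni else None)
    return "ok" if covers(presented, host) else "ERR_CERT_COMMON_NAME_INVALID"


PRIMARY = Cert("cert-a", ("www.example.com",))
SECOND = Cert("cert-b", ("www.example.net",))
COMBINED = Cert("cert-ab", ("www.example.com", "www.example.net"))

if __name__ == "__main__":
    print(client_result([PRIMARY, SECOND], "www.example.net"))  # both attached
    print(client_result([PRIMARY], "www.example.net"))          # second one gone
    print(client_result([COMBINED], "www.example.net"))         # one SAN cert
```

To see which certificate a real frontend presents for each hostname, compare the subject and SAN list returned when connecting with each domain as the SNI value.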