Customizing Server Certificate for Cloud SQL

0
votes

When using the Google Cloud SQL instance, SSL can be enabled using the Server Certificate server-ca.pem downloaded from the Google Cloud SQL instance's Connections section. The Server Certificate seems to be only for a single instance. If I have multiple instances I will need to download and use multiple Server Certificates.

Is there a way to upload or customize the Server Certificate of the Google Cloud SQL instances that I am using? My goal is to use a single Root CA Certificate that can connect to all the Google Cloud SQL instances that I have. I read through the Google documentation and still not able to clearly understand whether it is possible. Appreciate any input from the community.

Example, for Amazon RDS, it supports a root certificate that works for all AWS Regions. I would like to understand whether there is something similar Google Cloud SQL is using.

1
google-cloud-platformgoogle-cloud-sql

1 Answers

0
votes

Currently this is not possible. You can only manage client certificates as you mentioned. I found this Feature Request(FR) in the Public Issue Tracker. I would recommend you to "star" it to ensure that you receive updates about it. You can also adjust notification settings by clicking the gear icon in the top right corner and selecting settings.

The FR are evaluated by the number of users being affected by that. The more stars it have, the more possibilities to be developed it has.

In the end I don't think that having all the Instances with the same Certificate should be the best path to follow. I understand that this could help to reduce the amount of sensitive data managed, but in the end you "would never put all its eggs into one basket". This could be risky.