Error
Sorry, there’s a problem. If you entered information, check it and try
again. Otherwise, the problem might clear up on its own, so check back later.
The actual error message is listed under activity area from dashboard of Google cloud console and the error states the following:
Invalid argument (HTTP 400): Invalid certificate. `CertificateRawData`
must contain a PEM encoded x.509 public key certificate, with header and
footer included, and an unencrypted PEM encoded RSA private key, with
header and footer included and with size at most 2048 bits. The requested
private key and public certificate must match.
Before you can upload a ssl certificate, the ssl certificate private key has to be a RSA encoded private key and certificate needs to be x509 encoded. Let's back track and go through the steps to properly request a csr and key file. After generating a csr file you will request a certificate from registrar by copy pasting csr or uploading a file with csr text.
Step 1:
First you need to create a csr and private key file. Openssl command is used to generate a csr and private key file. Openssl command is available in most linux command line operating systems. If you visit openssl project website you will notice there isn't a windows binary file available. If you are a Windows user, you can run openssl command using Google cloud shell machine from your web browser described here:
$ openssl req -new -newkey rsa:2048 -nodes -subj /C=US/CN=COMMON_NAME -keyout KEYFILE
Replace COMMON_NAME with domain name for which you are generating a request file known as csr.
$ openssl req -new -newkey rsa:2048 -nodes -subj /C=US/CN=YourDomainName.com -keyout mykey.key
Step 2:
Transform generated key file from running openssl req command to an rsa key.
openssl rsa -in mykey.key -out mykey.key.pem
Step 3:
Upload your csr to certificate authority for approval. Domain level csr are normally approved within a few minutes. For GoDaddy you can upload your csr file or copy paste csr text for standard domain verification. Your csr is verified within a few minutes and you will be able to download a certficate file ending with file name .crt: https://www.godaddy.com/help/request-an-ssl-certificate-562Step 4:
Download approved crt file from certificate authority and convert to x509
openssl x509 -in certificate.crt -out certificatex509.crt
Step 5:
Check if your rsa key file and x509 certificate match.
openssl x509 -noout -modulus -in certificatex509.crt | openssl md5
openssl rsa -noout -modulus -in mykey.key.pem | openssl md5
Step 6:
Upload mykey.key.pem and certificatex509 to app engine:
gcloud app ssl-certificates create --certificate=C:\path\to\cert\certificatex509.crt --display-name=my-cert-1 --private-key=C:\path\to\cert\mykey.key.pem
Step 7:
Login to cloud console and assign my-cert-1 to your custom domain.Resources
"Securing Custom Domains with ssl" (https://cloud.google.com/appengine/docs/standard/php/securing-custom-domains-with-ssl)
Securing Custom Domains with ssl"Verify the private key and cert" (https://cloud.google.com/appengine/docs/standard/php/securing-custom-domains-with-ssl#converting_private_keys_and_concatenating_ssl_certificates )
Verify the private key and cert (3.)"Upload ssl certificate using GCLOUD API Reference" (https://cloud.google.com/sdk/gcloud/reference/app/ssl-certificates/create)
GCLOUD API Reference to upload ssl certificateTag Stackoverflow Questions
"Adding new ssl certificate in google app engine" (https://stackoverflow.com/questions/41624437/adding-new-ssl-certificate-in-google-app-engine)
Adding new ssl certificate"Trying to get an ssl certificate from comodo to work for google app engine" (https://stackoverflow.com/questions/18861830/trying-to-get-an-ssl-certificate-from-comodo-to-work-for-google-app-engine)
Trying to get.."Trouble with google apps custom domain ssl" (https://stackoverflow.com/questions/17569312/trouble-with-google-apps-custom-domain-ssl)
Trouble with..