Managed SSL Certificates with Certificate Manager (Optional)

SSL certificates secure connections between clients, servers, and Load Balancers by encrypting data transmitted over the network using Transport Layer Security (TLS). GCP provides two primary methods for configuring SSL certificates: Compute Engine SSL Certificates and Certificate Manager (using certificate maps). While DuploCloud supports both methods, we recommend Certificate Manager whenever possible. This approach is preferable because Compute Engine certificates cannot be validated until associated with a Load Balancer, potentially leading to downtime. In contrast, certificate maps can be validated in advance, helping to ensure consistent uptime and a smoother management experience.

Prerequisites

• Obtain public and private certificate files from your chosen SSL certificate provider, such as GoDaddy or Namecheap.

Creating a Certificate Map With Certificate Manager

1. Create a DNS authorization resource using the following command where YOUR_DOMAIN is your domain URL and MAP_NAME is your certificate name (a unique name you choose for your certificate map).

gcloud certificate-manager dns-authorizations create MAP_NAME \
  --domain="YOUR_DOMAIN"
gcloud certificate-manager dns-authorizations list

1. Manually create the DNS records shown in the output of the list command. You'll usually do this in the certificate's domain zone in the Cloud DNS service for the same project, but it depends on how you set up DNS.

2. Create the certificate:

gcloud certificate-manager certificates create MAP_NAME \
  --domains="YOUR_DOMAIN,*.YOUR_DOMAIN" \
  --dns-authorizations=MAP_NAME

1. Create the certificate map and its entries:

gcloud certificate-manager maps create MAP_NAME
gcloud certificate-manager maps entries create MAP_NAME \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="YOUR_DOMAIN"
gcloud certificate-manager maps entries create MAP_NAME-wildcard \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="*.YOUR_DOMAIN"

1. Add the certificate map to the DuploCloud Plan. Navigate to Administrator -> Plans. Select the Certificates tab and click Add. The Add a Certificate pane displays.

2. In the Name field, create a name for the certificate (the name is arbitrary as it is only a display name to be used within DuploCloud).

3. In the GCP Certificate Type list box, select the certificate type. The certificate type must match the certificate entered in the gcloud certificate-manager maps entries create command.

4. In the GCP Certificate Map field, enter the name of your map (in this example, MAP_NAME).

5. Click Create. The certificate can now be used with your DuploCloud Services.