[Optional] Create Managed SSL Certificates for GCP

Establish secure access to the DuploCloud portal with regional or global SSL certificates for GCP

If you have your own certificate and you followed the step Certificate for Load Balancer then you can skip this.

SSL certificates secure connections between clients and servers or Load Balancers by encrypting information sent over the network using Transport Layer Security (TLS). GCP users have two options to configure SSL certificates: Compute Engine SSL certificates resource (compute engine certificates) and Certificate Manager (certificate maps). For more information, see the Google Cloud documentation about the different ways to configure SSL certificates in GCP and when to use Certificate Manager.

Although DuploCloud supports both certificate configuration methods, we recommend avoiding using compute engine certificates, if possible. This is because compute engine certificates can't be validated until they're attached to a Load Balancer, which can make it hard to manage uptime. In contrast, certificate maps can be validated in advance, circumventing potential downtime.

Creating a certificate map using Certificate Manager

  1. Create a DNS authorization resource using the following command where YOUR_DOMAIN is your domain URL and MAP_NAME is your certificate name (a unique name you choose for your certificate map).

gcloud certificate-manager dns-authorizations create MAP_NAME \
  --domain="YOUR_DOMAIN"
gcloud certificate-manager dns-authorizations list
  1. Manually create the DNS records shown in the output of the list command. You'll usually do this in the certificate's domain zone in the Cloud DNS service for the same project, but it depends on how you set up DNS.

  2. Create the certificate:

gcloud certificate-manager certificates create MAP_NAME \
  --domains="YOUR_DOMAIN,*.YOUR_DOMAIN" \
  --dns-authorizations=MAP_NAME
  1. Create the certificate map and its entries:

gcloud certificate-manager maps create MAP_NAME
gcloud certificate-manager maps entries create MAP_NAME \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="YOUR_DOMAIN"
gcloud certificate-manager maps entries create MAP_NAME-wildcard \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="*.YOUR_DOMAIN"
  1. Add the certificate map in the DuploCloud Plan. Navigate to Administrator -> Plans. Select the Certificates tab and click Add. The Add a Certificate pane displays.

  2. In the Name field, create a name for the certificate (the name is arbitrary as it is only a display name to be used within DuploCloud).

  3. In the GCP Certificate Type list box, select the certificate type. The certificate type must match the certificate entered in the gcloud certificate-manager maps entries create command.

  4. In the GCP Certificate Map field, enter the name of your map (in this example, MAP_NAME). Click Create.

Now you can use your certificate with your DuploCloud Services.

Last updated

Logo

© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates