Custom Certificates
You can load a custom certificate that you have issued from a third-party certificate authority into the secret manager. To do this, you need:
- the primary certificate for the domain;
- a private key;
- optionally: one or more intermediate certificates. Intermediate certificates bind the final TLS-certificate to the root certificate authority, with its help the browser verifies the authenticity of the issued TLS-certificate;
- optional: root certificate is a part of the key used by certificate authorities to sign a TLS-certificate. May be required when using self-signed certificates.
Add user certificate
Control Panel
Terraform
-
A user certificate is valid only in the project to which it was added. Make sure that you are in the right project. To do this, open the projects menu (name of the current project) and select the project.
-
In Control Panel, go to Cloud Platform → Secrets Manager.
-
Click Add Certificate.
-
Select User Certificate.
-
Enter a name for the certificate.
-
Insert the primary certificate for the domain. It must begin with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
. -
Insert the private key. It must begin with
-----BEGIN PRIVATE KEY-----
and end with-----END PRIVATE KEY-----
. -
Optional: to add an intermediate certificate, check the Add Intermediate Certificate checkbox and in the Intermediate Certificate field, insert the certificate. It must start with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
.If you need to add multiple intermediate certificates, make sure that all certificates (primary certificate for the domain, intermediate certificates, and root certificate) create a complete chain. The
Issuer
value of the primary certificate must match theSubject
value of the first intermediate certificate, theIssuer
value of the first intermediate certificate must match theSubject
value of the second intermediate certificate, and so on.Intermediate certificates can be added to the Intermediate Certificate field in any order, it is important to use a complete chain.
-
Optional: to add a root certificate, check the Add Root Certificate checkbox and in the Root Certificate field, insert the certificate. It must start with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
. -
Click Add.
Use the Add certificate instructions in the Terraform documentation.
Update user certificate
-
In Control Panel, go to Cloud Platform → Secrets Manager.
-
Open the Certificates tab.
-
From the menu of the certificate, select Update.
-
Insert the primary certificate for the domain. It must begin with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
. -
Insert the private key. It must begin with
-----BEGIN PRIVATE KEY-----
and end with-----END PRIVATE KEY-----
. -
Optional: to add an intermediate certificate, check the Add Intermediate Certificate checkbox and in the Intermediate Certificate field, insert the certificate. It must start with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
.If you need to add multiple intermediate certificates, make sure that all certificates (primary certificate for the domain, intermediate certificates, and root certificate) create a complete chain. The
Issuer
value of the primary certificate must match theSubject
value of the first intermediate certificate, theIssuer
value of the first intermediate certificate must match theSubject
value of the second intermediate certificate, and so on.Intermediate certificates can be added to the Intermediate Certificate field in any order, it is important to use a complete chain.
-
Optional: to add a root certificate, check the Add Root Certificate checkbox and in the Root Certificate field, insert the certificate. It must start with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
. -
Click Update.