Step 1: Create CSR (Certificate Signing Request) for GAE
Before you start the installation process, you need to generate a new CSR. You will get a private key along with CSR when you generate your CSR.
Step 2: Download and Extract SSL certificate Files
Once you complete the CSR and the order process the certificate authority will send you the certificate files via a registered email address included with a zip file. This file contains your certificate file.
After receiving email from certificate authority, download that zip file and extract it on your server directory where you wish to store your certificate files.
Note: To display your Google App Engine Application with HTTPS and HTTP on a custom domain first you need to configure SSL for custom domains using your Google Apps account.
Step 3: Activate the SSL Certificate for Custom Domain
(I) Log in to your Google Apps Account via here.
(II) Now to add your app as a service in Google apps, Click on More Controls > App engine Apps > Add Service. Here you need to enter you application ID and then click on Add it now button, accept the terms of agreement & press the Activate button.
(III) If your app is already added in to Google App then skip the above steps and move onto to the next one.
(IV) Connect the App with the Google App & Map it with a sub domain: Web users will access your app URL as App-ID.appspot.com. But if you wish to give access to the primary domain using Google app account, click on the Add new URL button. Here you need to enter a sub domain URL (For Example www.comodo.com or yourapp.comodo.com).
(V) You can activate your SSL now. First click on Security > Advance Settings > Show More > SSL for Customer Domains and then enter the app-ID to enable the SSL certificate. Click on Enable SSL for App Engine Applications.
Note: All of the SSL charges this app account will be added to the given applications bill.
(VI) You will now be redirected to the App Engine Admin Console of the application with which you have entered in the previous step. Once you press Enable, SSL for the application you have selected will be active.
Step 4: Configuration of SSL Certificates for Custom domains in the Google app Engine
Here first step is to ‘upload’ your certificate. Once is completes you can move onto the next one which is to, ‘configure’ it.
Uploading your SSL certificate
(I) Log in to your Google Admin Console, if you are already logged in then skip to the next step.
(II) Now click on Security > Advanced Settings > Show More (optional) > SSL for Custom Domains
(III) Then click on Configure SSL Certificates, you will be redirected to SSL configuration page.
(IV) Now click on Upload a new certificate button
Here you have to select the .pem formatted public SSL certificate file "Provided by COMODO" and the private key file that you have created with the CSR generation process.
(V) After selecting the public SSL Certificate and private key, click on upload button.
Configuration of SSL Certificate
Once uploading the public SSL certificate & private key the very next step is the selection of Serving mode.
There will be 3 Serving mode options:
- Not Serving
- SNI (Server Name Indication)
- SNI + VIP:<a VIP number>.**VIP = Virtual IP**
Select any Serving mode based on your server type.
Now in the Assign URLs section you need to assign all matching URLs. You can assign them by selecting the list of URL options in drop down list box or manually by clicking onthe Assign all matching URLs link.
In case you don’t have a single URL to assign here, you can add it by performing the steps mention on the official “Using a custom Domain” Guidelines provided by the Google app Engine.
During the SSL Certificate configuration you will have to change the CNAME records of the URL/URLs you have assigned to the CNAME which is displayed on CNAME to field. Contact your DNS service provider to change the CNAME records.
To create a new CNAME record you can visit here.
Save you changes by clicking on Save button at the bottom of the page.
Once this is done your SSL Certificate will be uploaded and successfully configured.