Quick Guide to Install SSL Certificate on Google App Engine

Google App Engine (aka GAE), developed by Google, is a PaaS (Platform as a Service) cloud computing platform that is widely used for hosting, developing and managing web applications.

Follow this quick guide to installing SSL certificates on Google App Engine (GAE).

Step 1: Create CSR (Certificate Signing Request) for GAE

Before you start the installation process, you need to generate a new CSR. Generating the CSR also produces the matching private key, which you will need later when you upload the certificate.

Step 2: Download and Extract SSL certificate Files

Once you complete the CSR and the order process, the certificate authority will send a zip file to your registered email address. This zip file contains your certificate file.

After receiving the email from the certificate authority, download the zip file and extract it into the directory on your server where you wish to store your certificate files.

Note: To serve your Google App Engine application over HTTPS and HTTP on a custom domain, you first need to configure SSL for custom domains using your Google Apps account.

Step 3: Activate the SSL Certificate for Custom Domain

  1. Log in to your Google Apps account.
  2. To add your app as a service in Google Apps, click More Controls > App engine Apps > Add Service. Enter your application ID, click the Add it now button, accept the terms of agreement and press the Activate button.
  3. If your app is already added to Google Apps, skip the above steps and move on to the next one.
  4. Connect the app to Google Apps and map it to a subdomain: web users access your app at App-ID.appspot.com. If you wish to serve it from your primary domain using your Google Apps account, click the Add new URL button and enter a subdomain URL (for example, www.abc.com or yourapp.abc.com).
  5. You can activate SSL now. Click Security > Advanced Settings > Show More > SSL for Custom Domains, enter the app ID to enable the SSL certificate, then click Enable SSL for App Engine Applications.
  6. You will now be redirected to the App Engine Admin Console of the application whose ID you entered in the previous step. Once you press Enable, SSL will be active for the selected application.

Note: All of the SSL charges for this app account will be added to the given application's bill.

Step 4: Configuration of SSL Certificates for Custom domains in the Google App Engine

The first step is to upload your certificate. Once that is complete, you can move on to the next one, which is to configure it.

Uploading your SSL certificate

  • Log in to your Google Admin Console; if you are already logged in, skip to the next step.
  • Now click Security > Advanced Settings > Show More (optional) > SSL for Custom Domains.
  • Then click Configure SSL Certificates; you will be redirected to the SSL configuration page.
  • Now click the Upload a new certificate button.

Add SSL Certificate on Google App Engine

Here you have to select the *.pem formatted public SSL certificate file and the private key file that you got from the CSR generation process.

  • After selecting the public SSL certificate and private key, click the Upload button.
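Step 1 and the upload above both depend on the certificate and the private key being a matching pair, so it is worth checking that before uploading. The following is an added example, not part of the original guide or of Google's tooling: it uses the standard `openssl` command line, and the function names, file names, hostname and the RSA 2048 key type are assumptions.

```shell
# Added example (not from the guide): hostname and file names are placeholders.

# Create a private key and CSR for Step 1. RSA 2048 is an assumed key type;
# use whatever your CA and platform require.
make_csr() {   # usage: make_csr <hostname> <key.pem> <csr.pem>
    (
        umask 077   # the key file is never created group/world readable
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
    )
}

# Print the PEM public key embedded in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|cert <file.pem>
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if the certificate carries the public key of this private key.
# An unreadable or non-PEM file counts as a mismatch, not a match.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    _cert_pub=$(pubkey_of cert "$1") || return 1
    _key_pub=$(pubkey_of key "$2") || return 1
    [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Typical use before the upload in Step 4:
#   make_csr www.example.com private.key.pem request.csr.pem
#   ... send request.csr.pem to the CA, receive certificate.pem ...
#   cert_matches_key certificate.pem private.key.pem && echo "safe to upload"
```

A mismatch usually means the certificate was issued for a different CSR, in which case the upload would pair the wrong key with the certificate.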

The configuration of SSL Certificate

Once you have uploaded the public SSL certificate and private key, the next step is to select the serving mode.

Selection of Serving Mode

There will be 3 Serving mode options:

  • Not Serving
  • SNI (Server Name Indication)
  • SNI + VIP: <a VIP number> (VIP = Virtual IP)

Select any Serving mode based on your server type.

Now in the Assign URLs section, you need to assign all matching URLs. You can assign them by selecting the list of URL options in the drop-down list box or manually by clicking on the Assign all matching URLs link.

In case you don’t have a single URL to assign here, you can add one by performing the steps mentioned in the official Using a Custom Domain guidelines provided by Google App Engine.

During the SSL certificate configuration, you will have to change the CNAME records of the URL(s) you have assigned to the CNAME that is displayed in the "CNAME to" field. Contact your DNS service provider to change the CNAME records.

To create a new CNAME record you can visit here.

Save your changes by clicking the Save button at the bottom of the page.

Once this is done your SSL Certificate will be uploaded and successfully configured.
