I want my app engine service to speak with a separate service that I manage. I want to be able to install my self signed certificate on both ends. Is it possible to have app engine speak to this instance over SSL?
Yes. App Engine doesn't currently verify certificates for SSL sites over urlfetch, so it will accept self-signed certificates just fine.
Related
I have been hosting by web app on GCP App Engine using their's managed certificate feature for SSL. Now I would like to migrate to a different provider, but I don't want my users to be warned by browser that the certificate has changed. Is there a way to extract a managed certificate and use it somewhere else?
I'm using app engine standard with python I added custom domain in app engine api.octabyte.io and a wildcard *.api.octabyte.io
I have two services default and quran I'm able to access both services like this.
default -> api.octabyte.io
quran -> quran.api.octabyte.io/v1/docs
SSL work fine for default service https://api.octabyte.io but not with quran service https://quran.api.octabyte.io
Can you please let me know how can I enable SSL for other services.
You can access quran service with SSL when you use default url of app engine
https://quran-dot-islam786.appspot.com/v1/docs
Here is screenshot of custom domains in app engine
Google-managed SSL certificates don't support wildcard mappings: Upgrading to managed SSL certificates
I have an application where the client uses mutual SSL authentication through NGINX. So far, so good.
However, I want to move my project to Google App Engine and I need to use the same approach to valid the client, or at least, forward the client certificate to be validate in the application.
Is there some way to use mutual authentication on App Engine or other Google Cloud service?
Regards!
This might not be possible in GAE flexible environment because the SSL connections don't reach all the way to the actual application code. From Request limits:
SSL connections are terminated at the load balancer. Traffic from the load balancer is sent to the instance over an encrypted channel,
and then forwarded to the application server over HTTP. The
X-Forwarded-Proto header lets you understand if the origin request was
HTTP or HTTPs.
I didn't find such mention about the standard env GAE, so I'm unusure if the same applies there or not.
Is my app secure with Google App Engine without my own SSL Certificate?
I ask because I've just gone through the process of using Letsencrypt to create an SSL cert and apply it to my App Engine project with a custom domain - myapp.com
Now, I also a development environment which is at myapp.appspot.com. While configuring the app.yaml files with secure: always, I accidentally deployed the dev app before creating the certificates and I noticed it was secured!
I thought this could be an appspot.com thing, so I removed the certificates from my live app and it is still showing as secured...
So the question is, does App Engine have some sort of built-in SSL and thus, do I need to bother with my own certs???
Yes, your app at appspot.com is secure. However, if you wish to use a custom domain then you must get an SSL certificate. Here you can find instructions on how to use a custom SSL certificate for a custom domain with appengine.
Is there any way to specify a list of trusted certificate authorities when making HTTPS request from Python on App Engine?
Alternately, is there any other way to secure (against sniffing, replay, MITM, etc) App Engine communication with a 3rd party server without involving a 3rd party CA?
Not currently. You can choose whether or not to validate the host certificate, but you cannot choose which root certificates are accepted.