I had a website running under one domain name on AppEngine with SSL working as expected. However, I switched to another domain name, and I've not been able to get SSL working.
When I go to upload a certificate, it prompts me for a "PEM encoded X.509" certificate file and an "Unencrypted PEM encoded RSA" private key file.
With the last domain, I simply plugged in the CRT and private key. This key says '-----BEGIN PRIVATE KEY-----' at the top, and does not indicate that it's an RSA key, but it didn't matter. If it's important, I generated the key/CSR with the command-line:

    openssl req -new -nodes -keyout abc.com.key -out abc.com.csr -newkey rsa:2048

With this new domain, however, I'll provide the CRT (which actually is the CRT and IA concatenated, in that order) and key file. The key does not have a passphrase, and they all appear to be PEM-formatted (the standard, encoded, ASCII file, right?).
However, I am getting an error: "Both the private key and SSL certificate should be in unencrypted PEM format." This didn't happen last time.
Another site said that I need to run the following to produce a key that AppEngine can use:

    openssl rsa -in abc.com.key -text > abc.com.key.pem

However, I don't know the difference between the two formats, and the new file has the modulus, exponents, primes, and coefficient at the top, followed by the "BEGIN RSA PRIVATE KEY BLOCK". That being said, I can now upload the original CRT and this new key file.
That's my first problem (I don't understand what I'm doing, here).
My second problem is that the IA certificate is being ignored: AppEngine indicates that I've only uploaded one certificate (I saw somewhere that it should indicate two certificates). When I upload the IA and the new key separately, I get the error: "The private key uploaded doesn't match the SSL certificate. Please upload a matching key."
This latter thing is, obviously, the bigger error. I'm getting some SSL verification errors from Python, but not from browsers.
I'd appreciate any advice on the matter.
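
Added example, not part of the original post: the two key files described above differ in their PEM armor label. `BEGIN PRIVATE KEY` is the PKCS#8 container, while `BEGIN RSA PRIVATE KEY` is the traditional PKCS#1 RSA format. The Python below classifies the blocks in a file, counts certificates in a concatenated CRT, and flags the human-readable dump that `-text` writes ahead of the key; `inspect_pem` and the sample inputs are constructed for illustration.

```python
import re

# PEM armor: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

KEY_FORMATS = {
    "RSA PRIVATE KEY": "PKCS#1 (traditional RSA)",
    "PRIVATE KEY": "PKCS#8 (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}

def inspect_pem(text):
    """Summarise the PEM blocks in `text` without decoding the DER inside."""
    blocks = list(PEM_BLOCK.finditer(text))
    report = {
        "certificates": 0,
        "keys": [],
        # openssl's -text option writes a readable dump before the PEM block
        "text_before_first_block":
            bool(blocks) and bool(text[:blocks[0].start()].strip()),
    }
    for m in blocks:
        label, body = m.group(1), m.group(2)
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label in KEY_FORMATS:
            # Traditional-format keys mark encryption with a Proc-Type header
            encrypted = (label.startswith("ENCRYPTED")
                         or "Proc-Type: 4,ENCRYPTED" in body)
            report["keys"].append((KEY_FORMATS[label], encrypted))
    return report

# Constructed samples: the base64 bodies are placeholders, not real keys.
def _block(label, body="TUlJQ1BMQUNFSE9MREVS"):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

PKCS8_KEY = _block("PRIVATE KEY")
TEXT_DUMP_KEY = "modulus:\n    00:aa:bb\n" + _block("RSA PRIVATE KEY")
CHAIN = _block("CERTIFICATE") + _block("CERTIFICATE")  # CRT followed by IA

if __name__ == "__main__":
    for name, sample in [("pkcs8 key", PKCS8_KEY),
                         ("-text output", TEXT_DUMP_KEY),
                         ("crt + IA", CHAIN)]:
        print(name, inspect_pem(sample))
```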