Awesome! However, I've run into two problems -- one of which I solved, and
probably calls for updated documentation (or a smarter upload script), the
other of which I'm stuck on. I *believe* I followed the instructions
correctly.
1. For the last step, when we upload myserver.key.pem, the console was not
accepting my file. After verifying that I copied and pasted the two
openssl commands correctly (didn't leave something out), I had the idea of
only using the parts from -----BEGIN RSA PRIVATE KEY----- to -----END RSA
PRIVATE KEY-----. (The second openssl command had generated a bunch of
stuff above this.)
Once I did that, the console happily accepted the files, so now both the
Custom Domains and SSL Certificates tabs show that I'm up and running.
However, my browsers won't connect over HTTPS. To figure out what's wrong,
I did this:
openssl s_client -connect www.mydomain.com:443 -servername www.mydomain.com
I get this output:
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.mydomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.mydomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.mydomain.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[ the cert]
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.mydomain.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1880 bytes and written 472 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: CC113DA3B12B60C564E7E273900C9E874D2D2CC236E2F5DD2BABDFEE86FF00B5
Session-ID-ctx:
Master-Key: D316B81F54D126A53DF1BA6B75E22F0C0DD616C3105106DCBB366011B0F8FFFDDBA9D4E545B47690D56D1F036DABD96B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1442365904
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
Googling hasn't helped me understand the issue, and I'm new to this. I'd
be happy to ask on StackOverflow, but I thought I'd start by posting here,
since this is a minutes-old feature and the problem may well be on your
end. (And I thought others should be aware of the first issue, which I
solved.)
Thanks!
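
Added example, not part of the original message and not App Engine code: the s_client output above lists a single entry under "Certificate chain" and ends with verify code 21, so this sketch reports how many certificates a server sent and whether each one is issued by the next. The function name chain_report, both sample inputs and the root CA name are constructed for illustration; the first sample reuses the subject and issuer strings from the post.

```shell
# Added example: summarise the chain a server presented, reading
# `openssl s_client` text on stdin. Prints one line:
#   certs=<n> linked=<yes|no> leaf_only=<yes|no> verify=<code>
chain_report() {
  awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---/         { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && n && /^ *i:/   { sub(/^ *i:/, ""); iss[n-1] = $0; next }
    /Verify return code:/      { code = $4 }
    END {
      linked = "yes"
      # Each certificate must be issued by the next one the server sent.
      for (k = 0; k + 1 < n; k++) if (iss[k] != subj[k+1]) linked = "no"
      # One certificate that is not self-issued: no intermediate was sent.
      leaf_only = (n == 1 && subj[0] != iss[0]) ? "yes" : "no"
      printf "certs=%d linked=%s leaf_only=%s verify=%s\n", n, linked, leaf_only, code
    }'
}

# Constructed sample modelled on the output in the post (one certificate sent).
sample_leaf_only() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.mydomain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Constructed sample: same leaf plus its issuer; the root name is a placeholder.
sample_with_intermediate() {
cat <<'EOF'
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.mydomain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/CN=Constructed Root CA (placeholder)
---
    Verify return code: 0 (ok)
EOF
}

sample_leaf_only | chain_report
sample_with_intermediate | chain_report
```

Against a live host the same function reads the pipe from the command in the post, with `</dev/null` added so s_client exits after the handshake.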