CODEWITHSUNDEEP
httpsgoogle-cloud-platformssl-certificategoogle-compute-enginegcloud
Yuge Chen
Yuge Chen

Reputation: 127

Google cloud ssl certificate "The SSL certificate could not be parsed"

I need help with configuring ssl certificate on google cloud. I've already obtained my ssl certificate (crt file & private key). And I've followed the link trying to create a "SSL certificate resource".

I've tried everything but the cmd below just doesn't work:

gcloud compute ssl-certificates create cert --certificate /opt/bitnami/etc/
smartmeetingroom_tk.crt  --private-key /opt/bitnami/etc/serv.key

The error message I got is: enter image description here Could anyone tell me what is wrong with my command (or file)?

Thanks a million!!

update: below is the screenshot of error msg when I add "--verbosity debug": enter image description here I obtained ssl certificate from this website.

BTW the crt & private key is already pem encoded. Cos they are all readable using text editor and: The start&end of crt file looks like:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

The start&end of private key file looks like:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

Upvotes: 4

Views: 9423

Answers (4)

ignivs
ignivs

Reputation: 646

If the key happens to be encrypted using ecparam -name prime256v1 (that was my case) you should add "EC" to both

-----BEGIN PRIVATE KEY-----
your_key_content_here
-----END PRIVATE KEY-----

so, you key file will look like:

-----BEGIN EC PRIVATE KEY-----
your_key_content_here
-----END EC PRIVATE KEY-----

After this change it worked for me.

This might be helpful to someone else even after four years the original question was asked (It'll save me plenty of time)

Upvotes: 0

Rajavel S
Rajavel S

Reputation: 1

I recently got this problem and the issue was due to certificate holding an passkey phrase. So you need to remove that to fix this for GCP.

https://cloud.google.com/load-balancing/docs/ssl-certificates/troubleshooting

Run below via Powershell to generate new file without privatekey phrase

openssl rsa -in sample.pem -out samplewopk.pem

this fixed the issue

Upvotes: 0

Osvaldo
Osvaldo

Reputation: 519

As described here, you can try your command with the equals sign as follows:

gcloud compute ssl-certificates create cert --certificate=/opt/bitnami/etc/smartmeetingroom_tk.crt --private-key=/opt/bitnami/etc/serv.key

Consider:

  1. A managed SslCertificate is provisioned and renewed for you. A self-managed certificate is created by passing the certificate obtained from Certificate Authority through --certificate and --private-key flags.

  2. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

  3. The private key must be in PEM format and must use RSA or ECDSA encryption.

If the certificate is PEM formatted, check the following as established in the official documentation:

You can validate your certificate using the following OpenSSL command, replacing CERTIFICATE_FILE with the path to your certificate file:

openssl x509 -in CERTIFICATE_FILE -text -noout

If OpenSSL is unable to parse your certificate:

  1. Contact your CA for help.
  2. Create a new private key and certificate.

Upvotes: 0

Boris Bakshiyev
Boris Bakshiyev

Reputation: 1

  1. Do you have read permissions for those files?
  2. As suggested, add verbosity flag for more details.
  3. If you are trying to create SSL certificate for HTTPS load balancer- I'd suggest using Google's managed certificate

Upvotes: 0

Related Questions