Deep dive into managed TLS certs for HTTP(S) Load Balancers
At Google Cloud Next in London, we announced new networking services that aim to take away the toil. One of these services is Managed TLS certs, to take away the toil of provisioning and managing the lifecycle of TLS certificates for Cloud HTTP(S) Load Balancers. In this blog, we’ll take a closer look at managed TLS certs, and how you can use them.
Managed certs for HTTPS LB
At Google, we believe in using TLS wherever possible. In 2014, Google’s Search team announced that using HTTPS would positively impact page rankings. Fast forward to 2018, and we’ve taken it a step further: Chrome now marks HTTP sites as “Not Secure.” We’re not stopping there, though. Eventually, we’ll assume TLS everywhere and only call out sites that are not secure.
With that in mind, we want to make deploying TLS for your HTTP(S) load balancers as simple as possible.
With managed certs, SSL certificates now renew automatically, when required, and will be revoked when the proxy is deleted. By leveraging Google-managed certificates, your Cloud Load Balancer will be secure by default; say goodbye to all the manual work that’s usually required when dealing with certificates on your own.
Deploying managed certs
There are a couple of different ways to deploy managed certs. To configure a managed SSL certificate using gCloud CLI simply type:
gcloud beta compute ssl-certificates create SSL_CERTIFICATE --domains DOMAIN
If you’re using the GCP Console, select “Create Google-managed certificate” and provide the domain name you want to secure.