Jump to Content
Networking

Deep dive into managed TLS certs for HTTP(S) Load Balancers

November 7, 2018
Marcin Walas

Software Engineer

Paweł Hajdan

Software Engineer

At Google Cloud Next in London, we announced new networking services that aim to take away the toil. One of these services is Managed TLS certs, to take away the toil of provisioning and managing the lifecycle of TLS certificates for Cloud HTTP(S) Load Balancers. In this blog, we’ll take a closer look at managed TLS certs, and how you can use them.

Managed certs for HTTPS LB

At Google, we believe in using TLS wherever possible. In 2014, Google’s Search team announced that using HTTPS would positively impact page rankings. Fast forward to 2018, and we’ve taken it a step further: Chrome now marks HTTP sites as “Not Secure.”  We’re not stopping there, though. Eventually, we’ll assume TLS everywhere and only call out sites that are not secure.

With that in mind, we want to make deploying TLS for your HTTP(S) load balancers as simple as possible.

https://storage.googleapis.com/gweb-cloudblog-publish/images/TLS_for_your_HTTPS_load_balancers.max-1000x1000.png

With managed certs, SSL certificates now renew automatically, when required, and will be revoked when the proxy is deleted. By leveraging Google-managed certificates, your Cloud Load Balancer will be secure by default; say goodbye to all the manual work that’s usually required when dealing with certificates on your own.

Deploying managed certs

There are a couple of different ways to deploy managed certs. To configure a managed SSL certificate using gCloud CLI simply type:

Loading...

If you’re using the GCP Console, select “Create Google-managed certificate” and provide the domain name you want to secure.

https://storage.googleapis.com/gweb-cloudblog-publish/original_images/Create_Google-managed_certificate.gif

Try it out today

We hope managed TLS certs make it easier to manage your internet-facing services in Google Cloud and deploy TLS everywhere. Managed TLS certificates are available at no extra charge for during the beta.To learn more, visit the online documentation and send us your feedback!

Posted in