Unexpected certificate by Global HTTP(S) Load Balancer

Problem

An unexpected or default certificate is presented by the Global HTTP(S) load balancer even when another certificate has the matching CN/SAN.

Environment

Global HTTP(S) load balancing
SSL Certificates

Solution

Do not use the uppercase characters in CN/SAN entries in the certificates; use only lowercase characters in the CN/SAN entries of the certificate.

Cause

At present, GFEs do not support case-insensitive CN/SAN matching for certificates in load balancing configuration. If CN/SAN contains any uppercase characters, it is unable to match.

A new feature request has been raised for GFEs to support case-insensitive CN/SAN matching for certificates.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-11-06 UTC.