Score:0

How to get a Google-issued certificate for my service behind an L4 load balancer

I am running an MQTT broker behind a GKE LoadBalancer-type service. The LB-type service is an L4 load balancer, and I need to handle the TLS termination at my service/broker level.

I have associated an A record with the load balancer IP (say mqtt.example.com), and I am trying to get Google to issue a public certificate for mqtt.example.com. (Note that we manage example.com using Cloud DNS.)

The issue is that Google-managed certificates do NOT share the private key, so I am not able to create the cert for my service. Is there any other way I can get a Google-issued cert + key so I can use it at my service level?

Score:2
Google-managed SSL certificates are only available for certain Google Cloud services. You cannot install the certificate on your own services. Google does not provide access to the private key.

Your options are to use a service such as Let's Encrypt or purchase a certificate.

Score:1
Your use case to handle TLS termination within your broker/service is correct, as L4 load balancers cannot terminate SSL traffic. So you cannot use Google-managed SSL certificates for it. It will be best to go with John's suggestion to use Let's Encrypt or purchase a certificate instead.
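
One way to follow the Let's Encrypt suggestion from both answers on GKE, as an added example that is not part of the original thread: cert-manager requests the certificate with an ACME DNS-01 challenge against the Cloud DNS zone, so no HTTP endpoint is needed behind the L4 load balancer, and the certificate and private key land in a Kubernetes Secret the broker can mount. It assumes cert-manager is installed in the cluster and that its service account can edit the example.com zone (for example through Workload Identity); the issuer name, namespace, Secret names, project ID and e-mail address are placeholders.

```yaml
# Added example: names, project ID and e-mail below are placeholders/assumptions.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01            # hypothetical issuer name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-account-key  # ACME account key, not the TLS key
    solvers:
      - dns01:
          cloudDNS:
            project: YOUR_GCP_PROJECT_ID   # placeholder: project hosting the example.com zone
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mqtt-tls
  namespace: mqtt                    # hypothetical namespace of the broker
spec:
  secretName: mqtt-tls               # Secret receives tls.crt and tls.key
  dnsNames:
    - mqtt.example.com
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always           # generate a fresh key on every renewal
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
```

Mount the `mqtt-tls` Secret into the broker pod and limit RBAC read access on it to the broker's service account, since it holds the private key. The broker has to reload the files after each renewal for the new certificate to take effect.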
