Thanks for checking that. Another set of sanity-checks: you've run the verification commands, to ensure the cert and your private key match?
>From the doc: openssl x509 -noout -modulus -in concat.crt | openssl md5 openssl rsa -noout -modulus -in myserver.key.pem | openssl md5 You should also be sure to verify the crt file itself openssl verify -verbose -CAfile concat.crt concat.crt Also, are you sure that the certificate matches the requirements of the platform <https://cloud.google.com/appengine/docs/python/console/using-custom-domains-and-ssl#app_engine_support_for_ssl_certificates> ? Cheers, Nick Cloud Platform Community Support On Tuesday, May 10, 2016 at 12:04:03 PM UTC-4, Simon Brown wrote: > > Thanks > > I only have one crt file, I believe that's how the CloudFlare CA works, so > there's nothing to concatenate. Just in case, I just tried running the > command from the docs on the one crt file and importing it, and I still get > the same error. > > On Mon, May 9, 2016, at 07:48 PM, 'Nick (Cloud Platform Support)' via > Google App Engine wrote: > > Hey Simon, > > While this forum is meant for more high level discussion of the platform > and services, a specific issue like this being somewhat off topic, I'll be > happy to assist in narrowing down the scope of the issue before advising > that you post to either Stack Overflow <http://stackoverflow.com> or the > Cloud > Platform Public Issue Tracker > <http://code.google.com/p/google-cloud-platform/issues/list>. > > Did you concatenate the certificates to create a *PEM encoded X.509 > public key certificate*? > > Regards, > > Nick > Cloud Platform Community Support > > On Friday, May 6, 2016 at 4:07:45 PM UTC-4, Simon Brown wrote: > > I use CloudFlare with App Engine and I'm trying to take advantage of their > new CA <https://blog.cloudflare.com/cloudflare-ca-encryption-origin/>, > but I get an error when I try to import the cert into App Engine. I have > also tried creating a self-signed cert, and no dice (except once in which > it was imported, but didn't seem to work, so I tried again after which it > stopped). > > Here is my process: > > 1. I run this command to generate a CSR: > > > openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr > > > 2. I paste the CSR into CloudFlare's utility and get back a PEM > certificate. > > > 3. I run the following command to convert my private key to a PEM key, as > per the docs > <https://cloud.google.com/appengine/docs/python/console/using-custom-domains-and-ssl#more_about_app_engine_support_for_ssl_certificates> > : > > > openssl rsa -in myserver.key -out myserver.key.pem > > > 4. I go to certificates in App Engine and select the certificate from > CloudFlare for the public key certificate and myserver.key.pem for the > RSA private key. I get the following error message: > > > The SSL certificate provided could not be inserted. > > > Any suggestions on what I might be doing wrong? > > > Thanks > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Google App Engine" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/google-appengine/btN3G0qLbEg/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > google-appengine+unsubscr...@googlegroups.com. > To post to this group, send email to google-appengine@googlegroups.com. > Visit this group at https://groups.google.com/group/google-appengine. > To view this discussion on the web visit > https://groups.google.com/d/msgid/google-appengine/57598d6c-cee1-4fc6-86c2-ec2997bcc680%40googlegroups.com > > <https://groups.google.com/d/msgid/google-appengine/57598d6c-cee1-4fc6-86c2-ec2997bcc680%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/50d190c8-8e13-4b85-be7f-f3d1621fa247%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
