Has anyone else seen this? I'm nervous that I'll have an emergency outage in 30 days...
I've installed new SSL certs and ran the tests. *installation* from https://console.cloud.google.com/appengine/settings/certificates NameExpiration dateMapped domains Certificate for *.<domain>.com, <domain>.com October 9, 2017 (none) <== the old certificate my-cert-1 November 8, 2018 <domain>.com, *.<domain> <https://console.cloud.google.com/appengine/settings/certificate/52:cc:18:f9:5d:79:96:67:26:62:7c:9d:f5:f4:95:01:c9:c0:9e:f9:02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:f5:e4:5b:68:85:18:68:f5:ad:0b:cc:1a:d5:6c:d1:50:72:5b:1c:86:6c:30:ad:92:ef:21:b0:33:9c:dd:57:cf:d5:b1:41:16:9b:61:5f:f3:14:28:78:2d:1d:a6:39?project=bbf-prod-hrd&serviceId=default>.com, www.<domain>.com <== new certificate *seen from outside google* from https://www.ssllabs.com/ssltest/analyze.html (I waited 48 hours -- still showing the old cert, ditto other SSL cert checking services...) Valid from Tue, 11 Aug 2015 00:00:00 UTC Valid until Mon, 09 Oct 2017 23:59:59 UTC (expires in 26 days, 7 hours) *Google's instructions to verify certs* seen in https://cloud.google.com/appengine/docs/standard/python/using-custom-domains-and-ssl#app_engine_support_for_ssl_certificates Verify your SSL certificate and private key: 1. To verify that the private key and certificate match <http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify>, you can use the openssl x509 and openssl rsacommands. Examples: openssl x509 -noout -modulus -in concat.crt | openssl md5 openssl rsa -noout -modulus -in myserver.key.pem | openssl md5 Both the openssl x509 <https://www.openssl.org/docs/manmaster/man1/x509.html> and openssl rsa <https://www.openssl.org/docs/manmaster/man1/rsa.html> commands should return the same output. $ openssl x509 -noout -modulus -in mycert.crt | openssl md5; openssl rsa -noout -modulus -in mycert.key.pem | openssl md5 315a794cca913774a0e8f8...hidden... 315a794cca913774a0e8f8...hidden... 1. To verify that a certificate and its CA chain are valid, you can use the openssl verify <https://www.openssl.org/docs/manmaster/man1/verify.html> command. For example: openssl verify -verbose -CAfile concat.crt concat.crt $ cat STAR_mycert.crt AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > concat.crt $ openssl verify -verbose -CAfile concat.crt concat.crt concat.crt: OK thanks! adam -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/7684148c-0539-4a99-adb0-e3226841e80c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
