Could you check again using www.ssllabs.com I can notice that correct certificate has taken effect.
On Wednesday, September 13, 2017 at 12:14:23 PM UTC-4, Adam Sah wrote: > > Has anyone else seen this? I'm nervous that I'll have an emergency outage > in 30 days... > > I've installed new SSL certs and ran the tests. > > > *installation* > > from https://console.cloud.google.com/appengine/settings/certificates > > NameExpiration dateMapped domains > Certificate for *.<domain>.com, <domain>.com October 9, 2017 > (none) <== the old certificate > my-cert-1 November 8, 2018 > <domain>.com, *.<domain> > <https://console.cloud.google.com/appengine/settings/certificate/52:cc:18:f9:5d:79:96:67:26:62:7c:9d:f5:f4:95:01:c9:c0:9e:f9:02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:f5:e4:5b:68:85:18:68:f5:ad:0b:cc:1a:d5:6c:d1:50:72:5b:1c:86:6c:30:ad:92:ef:21:b0:33:9c:dd:57:cf:d5:b1:41:16:9b:61:5f:f3:14:28:78:2d:1d:a6:39?project=bbf-prod-hrd&serviceId=default>.com, > > www.<domain>.com <== new certificate > > > *seen from outside google* > > from https://www.ssllabs.com/ssltest/analyze.html (I waited 48 hours -- > still showing the old cert, ditto other SSL cert checking services...) > > Valid from Tue, 11 Aug 2015 00:00:00 UTC > Valid until Mon, 09 Oct 2017 23:59:59 UTC (expires in 26 days, 7 hours) > > > *Google's instructions to verify certs* > > seen in > https://cloud.google.com/appengine/docs/standard/python/using-custom-domains-and-ssl#app_engine_support_for_ssl_certificates > > Verify your SSL certificate and private key: > > 1. > > To verify that the private key and certificate match > <http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify>, you can > use the openssl x509 and openssl rsacommands. Examples: > > openssl x509 -noout -modulus -in concat.crt | openssl md5 > openssl rsa -noout -modulus -in myserver.key.pem | openssl md5 > > Both the openssl x509 > <https://www.openssl.org/docs/manmaster/man1/x509.html> and openssl rsa > <https://www.openssl.org/docs/manmaster/man1/rsa.html> commands should > return the same output. > > $ openssl x509 -noout -modulus -in mycert.crt | openssl md5; openssl rsa > -noout -modulus -in mycert.key.pem | openssl md5 > 315a794cca913774a0e8f8...hidden... > 315a794cca913774a0e8f8...hidden... > > > 1. > > To verify that a certificate and its CA chain are valid, you can use > the openssl verify > <https://www.openssl.org/docs/manmaster/man1/verify.html> command. For > example: > > openssl verify -verbose -CAfile concat.crt concat.crt > > > $ cat STAR_mycert.crt AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > COMODORSADomainValidationSecureServerCA.crt > concat.crt > $ openssl verify -verbose -CAfile concat.crt concat.crt > concat.crt: OK > > thanks! > adam > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/e51683dc-017d-4d76-97e1-ef8b4200cd41%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
