Custom domain SSL certificate in IBM Cloud - ssl

I am trying to upload a custom domain SSL certificate to be used in IBM Cloud cloud foundry organization. I upload the certificate (PEM), the private key and the intermediate certificate... then I get the "processing" status but after some minutes the domain entry in the table goes back to the upload SSL Certificate option.
I am getting no warning or mail error. How can I know what is going wrong with the files uploaded?

Related

Google Cloud SSL Certificate still provisioning after 24 hours

My Google Cloud (load balancer, certificate, etc.)configuration has all of the required steps completed but the certificate is still provisioning.
I fixed it. The solution is to create a domain mapping and DNS record using the gcloud tool instead of Google Cloud Console.

How to trust an internal Root CA in Azure App Service

I have an Azure Function calling an HTTPS endpoint using an SSL certificate that was provided by an internal Root CA.
Without doing anything, I have an SSL negotiation error which is normal.
I added the ROOT CA cert in the SSL Settings of my Function App, and I also added the setting WEBSITE_LOAD_ROOT_CERTIFICATES in the Function App Settings.
By using the Kudu Console, I tried to curl my HTTPS endpoint, and I'm still having SSL troubles.
Am I missing something?
You can't use an internal authority signed certificate against an Azure Function that is in a multi-tenant environment. The only available approach is to use App Service Environment (ASE). Using ASE, will enable you to upload an issuing and root certificates that are signed by a private/internal authority and register them in the store to be able to be interrogated.
Try to follow the below steps to enable SSL.
Go to App service and then select TLS/SSL settings.
Click on Private Key Certificates and then click on Create App Service Managed Certificate. It opens a side window in that window click on create button.
After successfully created, go to custom domains and click on Add binding.
Under TLS/SSL binding, select custom domain name, private certificate thumbprint, and its type then click on Add Binding.
Once we finished the above steps then it will add to your domain.
As per the Microsoft Document, Add a TLS/SSL certificate in Azure App Service.

cloud run, custom domain, and ssl termination

I'm using cloud run behind a load balancer. However, it's simply a passthrough that performs ssl termination of my own certificate and exposes the cloud run service(s).
I read this and thinking of trying it out.
https://cloud.google.com/run/docs/mapping-custom-domains#run
In the Firebase docs, it says:
"After we verify domain ownership, we provision an SSL certificate for
your domain and deploy it across our global CDN within 24 hours after
you point your DNS A records to Firebase Hosting.
Your domain will be listed as one of the Subject Alternative Names
(SAN) in the FirebaseApp SSL certificate. "
For Cloud Run, it says something similar. It will generate and manage my SSL certificates. Does anybody have experience with this?
Will this newly generated certificate invalid my current cert? I assume so, and that's ok. I'm only using cloud run for subdomains like api-prod.example.io for my API and app-prod.example.io for my frontend nginx static webserver.
Is their any other considerations of why I should not move over? If I do move over, should I do Firebase instead? I supposed it's:
Firebase + Cloud Run
vs
Cloud Run
vs
GCP LB + Cloud Run + Own Managed Certificate (Current)
Thanks in advance!

GCP managed SSL certificate stuck at FAILED_RATE_LIMITED?

I am trying to issue a SSL certificate for my loadbalancer, which serves traffic to an application hosted on GKE cluster in the backend. I have reserved a static IP for the loadbalancer, and I am able to access the application over HTTP.
Early this week, I had managed to generate SSL certificates and attached it to the load balancer using the GCP managed SSL certificates, and my domain was working on HTTPS network. However I had to delete the loadbalancer and launch it again using the Kubernetes Ingress. But now I am not able to apply the certificates to the loadbalancer. The certificates fail to provision with the error: FAILED_RATE_LIMITED.
Now I have deleted all the previously generated certificates on my account, and there is a single certificate now. According to the error, I have exhausted the number of GCP managed SSL certificates on my account. But I have deleted all the previously generated certs and I have almost waited for 10-11 hours, but the issue still exists. Is there a solution to this?

Custom SSL Certificate Upload fails

I own a custom domain. (i.e. domain.com) and have been routing the traffic to my Bluemix (Java Liberty) application just fine for the last year. (By adding the domain to the "Manage Domains" screen on the console.)
I've been trying to upload a SSL Certificate I purchased from Namecheap (RapidSSL) for this domain, to the console, but keep getting this error:
BXNUI0060E: A certificate for the 'domain.com' domain wasn't uploaded because a problem occurred contacting IBM DataPower Gateway.
I use the (.crt) certificate and (.pem) private key with password. I enter both those and the password in the appropriate fields and click 'Upload', but this appears after a minute. Also, I have tried with and without the intermediate (.crt) certificate, but still get the same error.
This error has been consistent for the last month. So I don't think its anything to do with my connection. Is there something I'm doing wrong? Thanks for any and all help!
Two possible causes of this error would be a temporary service outage at Bluemix or a software mismatch due to a Bluemix service upgrade. You can check for outages and upgrade notices on the Bluemix status page. You can also find information about upgrades on the IBM Bluemix blog.