aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Engineering
  • Technology
  • Tools

Introducing Certificate Manager To Simplify Saas Scale TLS And Certificate Management

  • aster.cloud
  • February 7, 2022
  • 3 minute read

We’re excited to announce the public preview of Certificate Manager and its integration with External HTTPS Load Balancing. Certificate Manager enables you to use External HTTPS Load Balancing with as many certificates or domains as you need. You can bring your own TLS certificates and keys if you have an existing certificate lifecycle management solution you’d like to use with Google Cloud, or enjoy the convenience of our fully Managed TLS offerings.

Extend the security and performance of the Google network to your customers

Certificate Manager brings support for multiple certificates per customer. When  coupled with our global anycast load balancing solution with automated autoscaling and failover, you now have a powerful platform for building robust SaaS and PaaS offerings. This enables custom domain support for your customers with the lowest latency and the highest level of availability.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

Alon Kochba, the head of web performance at website-building service Wix, explained how the new features lighten their workload.

“As a SaaS product, we need to terminate SSL for millions of custom domains and certificates. GCP’s Certificate Manager and External HTTPS Load Balancing lets us do this at the edge, close to the clients, without having to rely on our own custom solution for terminating SSL,” Kochba said.

Customers who switch to External HTTPS Load Balancing can also now protect their SaaS users from denial of service attacks, OWASP Top 10 risks, and other common Web attacks by adopting Cloud Armor.

DNS authorization

This release also now enables you to provision your Google-managed certificates with DNS-based authorizations and have them ready to use before your load-balancing production environment is fully set up. This will help streamline the migration process to Google Cloud, for example. To create a DNS authorization, use the following command:

Read More  ListenField Enables Farmers To Harvest The Benefits Of AI And Machine Learning

 

gcloud beta certificate-manager dns-authorizations create example-authorization --domain="example.com"

 

This command returns the CNAME record for _acme-challenge.example.com that you must add to your DNS configuration in the DNS zone of the target domain. This CNAME record points to a special Google Cloud domain, e.g.: “534959-1a8a-40cf-90b6-b1f5f8d22517.2.authorize.certificatemanager.goog” that is used  to verify domain ownership.

When you request a certificate based on the above authorization, Cloud Certificate Manager will work with the Certificate Authority automatically to get and later renew your certificate for that domain.

Wildcard support

This DNS-based domain control authorization also allows us to bring you support for wildcard certificates. To configure the use of wildcard certificates you first must configure the DNS authorization as we’ve indicated above. Once that has been completed, you can configure the use of a wildcard certificate using the following command. Our example below is for a top-level registered domain and its wildcard subdomains.

 

gcloud beta certificate-manager certificates create example-wildcard-certificate --domains="example.com,*.example.com" --dns-authorizations="example-authorization"

 

Monitoring for Certificate Expiration

Another new feature that will be enabled with this product  is the ability to monitor certificate expiration with Google Cloud Logging.  Cloud Logging creates a record of certificate expiration, uses the `certificatemanager.googleapis.com/Project` monitored resource, and is represented by the following message:

 

message CertificatesExpiry {
  // Expiration state of the certificate.
  enum State {
    // Unspecified state, should never be reported.
    STATE_UNSPECIFIED = 0;

    // Certificate will expire soon.
    CLOSE_TO_EXPIRY = 1;
    // Certificate is expired.
    EXPIRED = 2;
  }

  // Number of reported certificates.
  int64 count;

  // Names of reported certificates. If there are too many, the list is sampled.
  repeated string certificates = 2;

  // State of reported certificates.
  State state = 3;

  // Approximate expiration time of reported certificates.
  // Multiple certificates with close expiration time are batched 
  // together in a single log, so the timestamp is not precise.
  google.protobuf.Timestamp expire_time = 4;
}

 

Read More  Cloud Data Loss Prevention (Cloud DLP) Overview

The log message is delivered every hour and contains a sample of the certificates being close to expiry or already expired.

Pricing

The best part is that there’s no additional charge to use the Certificate Manager for the first 100 certificates. To use more than 100 certificates with the management tools, we will charge on a per-certificate, per-month pricing structure. This empowers you to scale up to as many certificates as you need, and as cost-effectively as possible. The pricing will be enabled when the solution goes to General Availability.

 

It is our hope that these new features, combined with the programmability offered by Certificate Manager, will enable you to simplify the way you deploy HTTPS and offer a more scalable and secure service to your customers.

 

 

By: Ryan Hurst (Product Manager, Security) and Babi Seal (Product Manager, Load Balancing)
Source: Google Cloud Blog


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Certificate Manager
  • DNS
  • Google Cloud
  • Identity & Security
You May Also Like
View Post
  • Engineering

Just make it scale: An Aurora DSQL story

  • May 29, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Reliance on US tech providers is making IT leaders skittish

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Examine the 4 types of edge computing, with examples

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

AI and private cloud: 2 lessons from Dell Tech World 2025

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

TD Synnex named as UK distributor for Cohesity

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Weigh these 6 enterprise advantages of storage as a service

  • May 28, 2025
View Post
  • Computing
  • Multi-Cloud
  • Technology

Pulsant targets partner diversity with new IaaS solution

  • May 23, 2025

Stay Connected!
LATEST
  • 1
    Just make it scale: An Aurora DSQL story
    • May 29, 2025
  • 2
    Reliance on US tech providers is making IT leaders skittish
    • May 28, 2025
  • Examine the 4 types of edge computing, with examples
    • May 28, 2025
  • AI and private cloud: 2 lessons from Dell Tech World 2025
    • May 28, 2025
  • 5
    TD Synnex named as UK distributor for Cohesity
    • May 28, 2025
  • Weigh these 6 enterprise advantages of storage as a service
    • May 28, 2025
  • 7
    Broadcom’s ‘harsh’ VMware contracts are costing customers up to 1,500% more
    • May 28, 2025
  • 8
    Pulsant targets partner diversity with new IaaS solution
    • May 23, 2025
  • 9
    Growing AI workloads are causing hybrid cloud headaches
    • May 23, 2025
  • Gemma 3n 10
    Announcing Gemma 3n preview: powerful, efficient, mobile-first AI
    • May 22, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Understand how Windows Server 2025 PAYG licensing works
    • May 20, 2025
  • By the numbers: How upskilling fills the IT skills gap
    • May 21, 2025
  • 3
    Cloud adoption isn’t all it’s cut out to be as enterprises report growing dissatisfaction
    • May 15, 2025
  • 4
    Hybrid cloud is complicated – Red Hat’s new AI assistant wants to solve that
    • May 20, 2025
  • 5
    Google is getting serious on cloud sovereignty
    • May 22, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.