Google cloud ssl certificate "The SSL certificate could not be parsed"

I need help with configuring ssl certificate on google cloud. I've already obtained my ssl certificate (crt file & private key). And I've followed the link trying to create a "SSL certificate resource".

I've tried everything but the cmd below just doesn't work:

gcloud compute ssl-certificates create cert --certificate /opt/bitnami/etc/ smartmeetingroom_tk.crt --private-key /opt/bitnami/etc/serv.key 

The error message I got is: enter image description here Could anyone tell me what is wrong with my command (or file)?

Thanks a million!!

update: below is the screenshot of error msg when I add "--verbosity debug": enter image description here I obtained ssl certificate from this website.

BTW the crt & private key is already pem encoded. Cos they are all readable using text editor and: The start&end of crt file looks like:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

The start&end of private key file looks like:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

7

4 Answers

  1. Do you have read permissions for those files?
  2. As suggested, add verbosity flag for more details.
  3. If you are trying to create SSL certificate for HTTPS load balancer- I'd suggest using Google's managed certificate
1

As described here, you can try your command with the equals sign as follows:

gcloud compute ssl-certificates create cert --certificate=/opt/bitnami/etc/smartmeetingroom_tk.crt --private-key=/opt/bitnami/etc/serv.key 

Consider:

  1. A managed SslCertificate is provisioned and renewed for you. A self-managed certificate is created by passing the certificate obtained from Certificate Authority through --certificate and --private-key flags.

  2. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

  3. The private key must be in PEM format and must use RSA or ECDSA encryption.

If the certificate is PEM formatted, check the following as established in the official documentation:

You can validate your certificate using the following OpenSSL command, replacing CERTIFICATE_FILE with the path to your certificate file:

openssl x509 -in CERTIFICATE_FILE -text -noout

If OpenSSL is unable to parse your certificate:

  1. Contact your CA for help.
  2. Create a new private key and certificate.
1

I recently got this problem and the issue was due to certificate holding an passkey phrase. So you need to remove that to fix this for GCP.

Run below via Powershell to generate new file without privatekey phrase

openssl rsa -in sample.pem -out samplewopk.pem

this fixed the issue

If the key happens to be encrypted using ecparam -name prime256v1 (that was my case) you should add "EC" to both

-----BEGIN PRIVATE KEY----- your_key_content_here -----END PRIVATE KEY----- 

so, you key file will look like:

-----BEGIN EC PRIVATE KEY----- your_key_content_here -----END EC PRIVATE KEY----- 

After this change it worked for me.

This might be helpful to someone else even after four years the original question was asked (It'll save me plenty of time)

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like