BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Google Cloud Introduces Certificate Manager

Google Cloud Introduces Certificate Manager

This item in japanese

Bookmarks

Google Cloud recently introduced the public preview of Certificate Manager, a service that integrates with External HTTPS Load Balancing to manage multiple certificates and domains.

Customers can automatically issue and renew Google-managed certificates or upload certificates generated by third-party certificate authorities (CAs), with Certificate Manager storing and deploying certificates to selected proxies. Ryan Hurst and Babi Seal, product managers at Google, explain how the new service works:

This release (...) enables you to provision your Google-managed certificates with DNS-based authorizations and have them ready to use before your load-balancing production environment is fully set up (...) When you request a certificate based on the authorization, Cloud Certificate Manager will work with the Certificate Authority automatically to get and later renew your certificate for that domain. This DNS-based domain control authorization also allows us to bring you support for wildcard certificates.

Using Certificate Manager customers can provision certificates in advance, reducing downtime during migrations, and handle up to a million certificates per load balancer in a centralised way using the gcloud tool or the Certificate Manager API.

Having a managed certificate service has been a long term feature request on the platform since Amazon introduced AWS Certificate Manager (ACM) in 2016. Users in the past complained about the limitation and Sankalp Sharma, CTO at Sportskeeda, tweeted over four years ago:

Just to put it out there, I'm looking for something like AWS Certificate Manager on Google Cloud.

Managed certificates were available for Google App Engine but previously the cloud provider lacked a unified approach. Among the current limitations, Certificate Manager can only provision certificates for classic external HTTP(S) load balancers, and only supports Google and Let's Encrypt as certificate authority for Google-managed certificates. Deployments that require few certificates per load balancer and do not use wildcard domains can still assign TLS certificates directly to load balancers.

Last year Google released the Certificate Authority Service, a highly available service to automate the deployment and management of private certificate authorities, with a whitepaper explaining how to scale certificate management on the cloud.

There will be no additional charges to use the new Certificate Manager for the first 100 certificates, with an on a per-certificate, per-month pricing structure for further certificates. No fee is charged during the public preview.

About the Author

Rate this Article

Adoption
Style

BT