Home > Enterprise >  Setup TLS authentication with GCP app engine using X.509 certificate
Setup TLS authentication with GCP app engine using X.509 certificate

Time:11-05

I have a client that uses TLS authentication using X.509 certificates. The Client makes API calls to my GCP app engine, which acts as a REST server. The app engine has Identity Aware Proxy enabled, but the client is unable to use that to authenticate via that. Therefore, I made a API gateway for the client to make HTTPS requests. But it is unable to make HTTPS requests without authenticating with X.509 certificates. I am able to upload a cert.pem to the client. I generated the certificate in Google cloud shell using openssl. But I do not know where do I put this certificate in the GCP. Is it in App Engine->Settings->SSL certificates OR in the .yaml config file for the API gateway OR do I have to set up a load balancer?

CodePudding user response:

API Gateway, App Engine, and HTTP load balancers do not support client authorization with X.509 certificates.

You must implement client X.509 authentication in your application or web server on a service you manage and deploy such as Compute Engine.

  • Related