GCP SSL 证书安装错误“证书数据无效。请确保私钥和公共证书匹配

Question

I bought an SSL certificate from godaddy.com. My website is hosted on Google Cloud Portal (GCP). I generated the private rsa key using the methods provided on the GCP support website.

First I generated a rsa key and a CSR using the below commands

openssl genrsa -out example.key 2048
openssl req -new -key example.key -out example.csr

Then I copied the csr text to godaddy and generated a certificate. From the merchant site, I downloaded the certificate. Before downloading the certificate, there was an option to select 'Server Type'. Following options were present:

• Apache
• Exchange
• IIS
• Mac OS X
• Tomcat
• Other

I selected "Other" and clicked 'Download'. A zip file was downloaded that had two files:

• ce123abc4567wxyz.crt
• gd_bundle-g2-g1.crt

To install the certificate, I went to GCP App Engine > Settings > SSL Certificate > Upload a new Certificate. Here, I have to copy the certificate and the key. There are two text boxes

1. PEM encoded X.509 public key certificate
2. Unencrypted PEM encoded RSA private key

I copied the RSA private key from step-1, into the 2nd text box. Now the problem is that the 1st text box (where i have to enter the public key) is not accepting any of ther files present in the certificate zip folder that I downloaded from the merchant site. I get the error

The Certificate data is invalid. Please ensure that the private key and public certificate match

I tried copying either of the files to the 1st text box. I also copied both the file texts into the box. But nothing is working. Please help.

Answer 1

A .crt file is probably not in .PEM format, and if not you need to convert it. See, for example, How to convert .crt to .pem

Answer 2

This was resolved. The certificates didn't work so I eventually regenerated the certificates. I copied only the 'public key' part of the certificate file. And made sure no spaces, no extra lines are copied.