It is a good idea to terminate the SSL handshake at a network edge device for many reasons.

It is faster
You can make changes on the fly
Easy maintenance
LB Managed SSL/TLS Hardening
Google Cloud Platform (GCP) is fantastic , and I use it for Geek Flare and love it. GCP offers many cloud solutions including load balancer.

There are three types of load balancers available, and if you are hosting web-based applications, the HTTP(S) type is recommended .

svg%3E
Let’s take a look at how to implement SSL Certificate in Google Cloud HTTP(S) Load Balancer.

For this exercise, I will use my lab domain (techpostal.com) to forward traffic to the compute engine (Nginx) VM via LB.

svg%3E

 

I assume you already have the following ready

China Phone Number

Running web server
HTTP(S)LB with port 80
Implementing Certificate on Google Cloud LB
Sign in to Google Cloud >> Network Services >> Load Balancing ( direct link )
Click edit for the respective LB
svg%3E
Go to Interface Settings >> Add Interface IP and Port
Select the protocol as HTTPS
I left the IP as ephemeral, but on a production system it is recommended to have a static one
Certificate drop-down and click “Create a new certificate”.
svg%3E
It will show you another window where you can enter chain, public and private key certificate .

Enter the necessary information when prompted
You will notice that a key and CSR file have been cSR to a certification authority for signing. I am using Let’s encrypt to sign my certificate and have entered those details and clicked “create”.

svg%3E
There are more FREE SSL Certificate provider if you want to explore.

 

Click Done and then Update

 

svg%3E
Let’s get the interface IP details by China Phone Number expanding the LB

svg%3E
Now you have to update your domain A record to point the load balancer’s IP to the domain registrar. Once done, try to access your URL with https, and it should work.

svg%3E
This concludes The SSL handshake for techpostal.com is canceled on the load balancer .

Google Cloud takes care of the necessary SSL/TLS hardening to make sure you’re not exposed to known protocol, encrypt vulnerabilities. I took a test at SSL Labs and got A rating .

svg%3E
I hope this quick guide will help you to enable SSL in Google LB for your domain.

Leave a Reply

Your email address will not be published. Required fields are marked *