SSL Certificates Help

Generate a CSR (Certificate Signing Request) for my Google App Engine

Before you request a certificate, use the Google Cloud Shell to generate a Certificate Signing Request (CSR) for your Google App Engine on the Google Cloud Platform.

If you're utilizing the Google Compute Engine instead of the Google App Engine, you'll want to connect to your instance and install the certificate manually.

  1. Sign in to your Google Cloud Platform account at
  2. In the Navigation menu on the left, select App Engine.
  3. Click the Activate Cloud Shell icon at the top of your page.
  4. Activate Cloud Shell

  5. A new console window will appear at the bottom of your page.
  6. In the console, navigate to the directory on your server where certificate and key files are stored.
  7. Run the following command to generate your private key and certificate signing request:
  8. openssl req -new -newkey rsa:2048 -nodes -keyout -out
    • should be replaced with your actual domain name.
  9. You'll be prompted to enter the following information using only standard English letters and numbers:
  10. FieldDescription
    Country Name (2 letter code)The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
    State or Province Name (full name)Name of the state where your organization is located. Do not abbreviate.
    Locality Name (eg, city)Name of the city where your organization is registered/located. Do not abbreviate.
    Organization Name (eg, company)The legally-registered name for your business. If you're enrolling as an individual, enter the certificate requestor's name.
    Organizational Unit Name (eg, section)If applicable, enter your DBA (Doing Business As) name. It is not necessary to specify an organizational unit when generating a CSR.
    Common Name (eg, your name or your server's hostname)The fully-qualified domain name, or URL, you want to secure.
    Note: If you're requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *
    Email AddressIf applicable, specify an email address.
    A challenge passwordThis should be left blank (simply hit enter).
    An optional company nameThis should be left blank (simply hit enter).
  11. Your .key and .csr files now exist in your current directory.
  12. You'll need to open your file and copy its contents for the next step.

Next step

After you create a CSR, you'll need to request your certificate. How you request a certificate is dependent on the type of certificate you have:

TypeNext step
Standard Assurance SSL certificateRequest my SSL certificate
Deluxe or Extended Validation certificates Request my SSL certificate

More info

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

Share this article