It’s a good idea to terminate the SSL handshake at a network edge device for many reasons.
It’s faster You can make changes on the fly Easy maintenance SSL/TLS hardening managed by LB
Google Cloud Platform (GCP) is fantastic, and I use for Geek Flare and just love it. GCP offers many cloud solutions including the load balancer. There are three types of load balancer available, and if you are hosting Web-based applications, then HTTP(S) type is recommended.
Let’s take a look at how to implement SSL certificate on Google Cloud HTTP(S) load balancer. For this exercise, I will use my lab domain (techpostal.com) to forward traffic to compute engine VM (Nginx) through LB.
I assume you already have the following ready.
Running web server HTTP(S) LB with port 80
Implementing Certificate on Google Cloud LB
Login to Google Cloud » Network services » Load balancing (direct link) Click edit for the respective LB
Go to frontend configuration » Add Frontend IP and port Select the protocol as HTTPS I’ve left IP as ephemeral, but in a production system it’s recommended to have a static Drop-down Certificate and click “Create a new certificate.”
It will prompt another window where you can enter private key, public and chain certificate.
Let’s get the CSR (Certificate Signing Request) created using OpenSSL
Enter the necessary information as prompted You will notice a key & CSR file created
Now you need to send this CSR to a certificate authority to sign it. I am using Let’s Encrypt to sign my certificate and have entered those details and click “create.”
There are more FREE SSL certificate provider if you want to explore.
Click Done and then Update
Let’s get the frontend IP details by expanding the LB
Now, you got to update your domain A record to point the load balancer IP at the domain registrar. Once done, try to access your URL with https, and it should work.
This concludes SSL handshake for techpostal.com is getting terminated at the load balancer. Google Cloud take care of necessary SSL/TLS hardening to ensure it’s not exposed to a known protocol, cipher vulnerabilities. I did a test at SSL Labs and got A rating.
I hope this quick guide helps you get SSL enabled on Google LB for your domain.
