It’s a good idea to terminate the SSL handshake at a network edge device for many reasons.

It’s faster You can make changes on the fly Easy maintenance SSL/TLS hardening managed by LB

Google Cloud Platform (GCP) is fantastic, and I use for Geek Flare and just love it. GCP offers many cloud solutions including the load balancer. There are three types of load balancer available, and if you are hosting Web-based applications, then HTTP(S) type is recommended.

Let’s take a look at how to implement SSL certificate on Google Cloud HTTP(S) load balancer. For this exercise, I will use my lab domain (techpostal.com) to forward traffic to compute engine VM (Nginx) through LB.

I assume you already have the following ready.

Running web server HTTP(S) LB with port 80

Implementing Certificate on Google Cloud LB

Login to Google Cloud » Network services » Load balancing (direct link) Click edit for the respective LB

Go to frontend configuration » Add Frontend IP and port Select the protocol as HTTPS  I’ve left IP as ephemeral, but in a production system it’s recommended to have a static Drop-down Certificate and click “Create a new certificate.”

It will prompt another window where you can enter private key, public and chain certificate.

Let’s get the CSR (Certificate Signing Request) created using OpenSSL

Enter the necessary information as prompted You will notice a key & CSR file created

Now you need to send this CSR to a certificate authority to sign it. I am using Let’s Encrypt to sign my certificate and have entered those details and click “create.”

There are more FREE SSL certificate provider if you want to explore.

Click Done and then Update

Let’s get the frontend IP details by expanding the LB

Now, you got to update your domain A record to point the load balancer IP at the domain registrar. Once done, try to access your URL with https, and it should work.

This concludes SSL handshake for techpostal.com is getting terminated at the load balancer. Google Cloud take care of necessary SSL/TLS hardening to ensure it’s not exposed to a known protocol, cipher vulnerabilities. I did a test at SSL Labs and got A rating.

I hope this quick guide helps you get SSL enabled on Google LB for your domain.

How to Configure SSL Certificate on Google Cloud Load Balancer  - 17How to Configure SSL Certificate on Google Cloud Load Balancer  - 27How to Configure SSL Certificate on Google Cloud Load Balancer  - 87How to Configure SSL Certificate on Google Cloud Load Balancer  - 63How to Configure SSL Certificate on Google Cloud Load Balancer  - 55How to Configure SSL Certificate on Google Cloud Load Balancer  - 19How to Configure SSL Certificate on Google Cloud Load Balancer  - 39How to Configure SSL Certificate on Google Cloud Load Balancer  - 56How to Configure SSL Certificate on Google Cloud Load Balancer  - 94