You need to issue certificates for multiple HTTP load balancer frontends using an on-premises Public Key Infrastructure (PKI) with a certificate authority (CA). The solution must scale effectively while minimizing the operational impact on the on-premises PKI, which involves many manual processes.

What is the recommended approach?

Exam-Like

Use Certificate Manager to issue Google managed public certificates and configure it at HTTP the load balancers in your infrastructure as code (IaC).

Use a subordinate CA in the Google Certificate Authority Service from the on-premises PKI system to issue certificates for the load balancers.

Use Certificate Manager to import certificates issued from on-premises PKI and for the frontends. Leverage the gcloud tool for importing.

Use the web applications with PKCS12 certificates issued from subordinate CA based on OpenSSL on-premises. Use the gcloud tool for importing. Use the External TCP/UDP Network load balancer instead of an external HTTP Load Balancer.

Google Professional Cloud Security Engineer

Get started today

Comments