Issue a certificate using the Google Cloud console
This page explains how you can create a CA pool and issue certificates in Certificate Authority Service using the Google Cloud console.
CA Service lets you deploy and manage private certificate authorities (CAs) without managing infrastructure.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Certificate Authority Service API.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Certificate Authority Service API.
Create a CA pool
A CA pool is a collection of multiple CAs. A CA pool provides the ability to rotate trust chains without any outage or downtime for workloads. A CA pool lives in a single Google Cloud location that you cannot change after creation.
To create a CA pool with the default settings, do the following:
Go to the Certificate Authority Service page in the Google Cloud console.
Under the CA pool manager tab, click
Create pool.On the Create CA pool page, add a name for the CA pool.
Click Region, and select us-east1 (South Carolina) as the region of the CA pool.
Click Next for each step.
Click Done.
You can see this CA pool in the list of CA pools under the CA pool manager tab.
Create a root CA
A CA pool is empty on creation. You must add a CA to the CA pool to request certificates.
A root CA has a self-signed certificate that resides in the client's trust store. This section explains how you can add a root CA to the CA pool you created.
To add a root CA to your CA pool, do the following:
- Click CA manager.
Click
Create CA.Click Region, and select us-east1 (South Carolina) as the region of the CA.
Click Next.
In the Organization (O) field, enter the name of your organization.
In the CA common name (CN) field, enter the name of the CA. Note the CA name because you will need it for requesting a certificate.
In the Pool ID field, enter the name of your CA pool.
Click Next for each step.
Review the details of the CA, and click Create.
Create a certificate
To request a certificate using the CA, do the following:
- On the Certificate authority page, click Request a certificate.
Click Enter details.
Under Add domain name, enter the fully qualified domain name of the site you want to secure with this certificate.
Click Next.
Under Configure key size and algorithm, click Continue.
You will see the generated certificate that you can copy or download. To copy the certificate, click
.Click Done.
Clean up
Clean up by revoking the certificate and deleting the CA pool, the CA, and the project you created for this quickstart.
Revoke the certificate.
- Click the Private certificate manager tab.
- In the list of certificates, click View more in the row of the certificate you want to delete.
- Click Revoke.
- In the dialog that opens, click Confirm.
Delete the CA.
You can delete a CA only after you have revoked all the certificates issued by it.
After you have revoked the certificate, do the following:
- Click the CA manager tab.
- In the list of CAs, select the CA you want to delete.
- Click Disable.
- In the dialog that opens, click Confirm.
- Click Delete.
- In the dialog that opens, click Confirm.
The CA state changes to
Deleted
. The CA is permanently deleted 30 days after you initiate the deletion.Delete the CA pool.
You can delete a CA pool only after CA Service permanently deletes the CA.
After you have deleted the CA in the CA pool, do the following:
- Click the CA pool manager tab.
- In the list of CA pools, select the CA pool you want to delete.
- Click Delete.
- In the dialog box that opens, click Confirm.
To delete the project, do the following:
- In the Google Cloud console, go to the Manage resources page.
- In the project list, select the project that you want to delete, and then click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
What's next
- Learn more about CA pools.
- Learn more about creating a CA pool.
- Learn more about creating CAs.
- Learn more about requesting certificates.
- Learn how to control the type of certificates a CA pool can issue.