Is it possible to delete "classic" ssl certificates from a target-https-proxy?


I recently updated a target-https-proxy to use a certificate map:

$ gcloud compute target-https-proxies list
NAME                             SSL_CERTIFICATES                             URL_MAP           CERTIFICATE_MAP
lb-global-legacy-target-proxy-2  cert-lb-global-legacy2,cert-lb-globalegacy3  lb-global-legacy  cert-map-1

My question is: How can I delete cert-lb-global-legacy2 and cert-lb-globalegacy3 since they are no longer needed due to cert-map-1?

Is this impossible?

The only workaround seems to be to:

  1. Create a new target-https-proxy that omits the ssl_certificates during creation
  2. Create a new forwarding rule with a new IP address that uses the new target-https-proxy (because it seems like forwarding rules are also immutable; can't use existing ip address because it is currently in use by a different forwarding rule)
  3. Go into DNS and repoint every subdomain to the new IP address

This seems ridiculous for what should be a simple task (remove "classic" SSL certs from a target proxy that no longer needs them)

2

There are 2 answers

1
Zouhir On BEST ANSWER

You can use the update command with --clear-ssl-certificates flag.

Example:

 gcloud compute target-https-proxies update PROXY_NAME --global --clear-ssl-certificates

That will delete classic certs, but keep certificate maps.

Docs link: https://cloud.google.com/sdk/gcloud/reference/compute/target-https-proxies/update#--clear-ssl-certificates

4
James S On

Since you've updated the target https-proxy, you can delete the SSL certificate by running the command

gcloud compute ssl-certificates delete CERTIFICATE_NAME \
    --global

A temporary workaround will be:

  1. Open Cloud Shell and run the below command:

gcloud compute target-https-proxies export (Load_Balancer_Name) > /tmp/proxy

  2. Edit the /tmp/proxy file manually. Run the command:

cat /tmp/proxy

  3. Remove the below lines from the file:

sslCertificates:
           https://www.googleapis.com/compute/v1/projects/...

  4. After removing the lines, save the file by using ‘CTRL + O’ and exit from the file with ‘CTRL+X’.

  5. Then import the file with certificates removed.

gcloud compute target-https-proxies import (Load_Balancer_Name) --source=/tmp/proxy

  6. And then you should be able to delete the certificate.

gcloud compute ssl-certificates delete <certificate name>
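
The manual edit in the export/import workaround above (removing the sslCertificates lines) can be scripted with a guard that refuses to touch an export lacking a certificateMap, so the proxy is never imported without any certificate. This is an added example, not part of either answer; it assumes the export is YAML with sslCertificates as a top-level list, and the function names, the sample export and the project name example-project are constructed for illustration.

```shell
#!/bin/sh
# strip_classic_certs SRC DST
# Copies an exported target-https-proxy YAML from SRC to DST without the
# top-level sslCertificates list. Returns 1 and writes nothing when SRC has
# no certificateMap, because removing the classic certificates would then
# leave the proxy with no certificate at all.
strip_classic_certs() {
    src=$1
    dst=$2
    if ! grep -Eq '^certificateMap:[[:space:]]*[^[:space:]]' "$src"; then
        echo "refusing: no certificateMap in $src" >&2
        return 1
    fi
    awk '
        /^sslCertificates:/ { skipping = 1; next }        # drop the key itself
        skipping && /^[[:space:]]*-[[:space:]]/ { next }   # drop its list items
        { skipping = 0; print }                            # any other line ends the list
    ' "$src" > "$dst"
}

# Writes a constructed sample export to the given path (values are made up;
# only the proxy, certificate and map names are taken from the question).
write_sample() {
    cat > "$1" <<'EOF'
certificateMap: //certificatemanager.googleapis.com/projects/example-project/locations/global/certificateMaps/cert-map-1
kind: compute#targetHttpsProxy
name: lb-global-legacy-target-proxy-2
sslCertificates:
- https://www.googleapis.com/compute/v1/projects/example-project/global/sslCertificates/cert-lb-global-legacy2
- https://www.googleapis.com/compute/v1/projects/example-project/global/sslCertificates/cert-lb-globalegacy3
urlMap: https://www.googleapis.com/compute/v1/projects/example-project/global/urlMaps/lb-global-legacy
EOF
}

# Intended use with the commands from the answer (PROXY_NAME is a placeholder):
#   gcloud compute target-https-proxies export PROXY_NAME > /tmp/proxy
#   strip_classic_certs /tmp/proxy /tmp/proxy.new && diff /tmp/proxy /tmp/proxy.new
#   gcloud compute target-https-proxies import PROXY_NAME --source=/tmp/proxy.new
```

Reviewing the diff before the import confirms that only the sslCertificates block was removed.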