I am migrating a site over to google appengine and am having trouble getting it working with SSL on a custom domain (www.example.com)
Since the site was already having its email hosted via google apps, I did not get the same wizards that one would see when creating a new site. Also, it was created with the free tier of google apps if that makes a difference.
Things I have done:
Authorized the appengine project on google apps
Enabled SSL billing (and tested that changing the daily quota affects VPI ability- they are synced)
Added SNI slot and created a self-signed certificate (for testing and ultimately CloudFlare) for www.example.com
Set to serve SNI
In apps - added www.example.com for custom domain for appengine project
In appengine- added www.example.com for settings/custom domain (note- under the "SSL Support" header here- it says "none" and there is no way to change it. which makes sense since, I think this is never actually used and apps will bypass appengine for ssl requests?)
With these settings- http://www.example.com works, however https://www.example.com does not connect at all (i.e. not an issue of invalid cert)
Note that in the appengine settings on the apps page, it says that I can access the project via https://www.example.com and https://project-name.appspot.com
In case it's relevant, I am now hosting the DNS on Cloudflare and I turn it off/on or flexible/full for testing (to minimize downtime, since clients expect to only connect to https://). Assume for the above it was simply turned off.
OK- it seems that for a self-signed certificate it is necessary to use a key in a format that wasn't working with default "how to self sign" searches :) here's what I ended up doing that worked:
Then upload the yourdomain.com.csr and myserver.key.pem