Hey guys,
Kindly note that the server-ca.pem cert you would download from Google cloud SQL prod instance contains 2 certs. We were trying to use this server-ca.pem to create a truststore jks and verify server certificate in prod via a Java callout and it kept failing with the error "Signature did not match". It took about a week to resolve.
Raised a ticket with Apigee and they were clueless too as to what was happening.
Finally i posted this in the community and a gentleman helped me debug the issue by setting in the switch -Djavax.net.debug=all
I noticed the discrepancy in the dates of the cert that the server was sending and the cert we had in the truststore. Just out of curiosity i opened the server-ca.pem file and found 2 ca certs and one of them had matching dates with the cloud sql cert.
Hope Google can take a look at their server-ca.pem for the prod instance at 35.235.75.142:3306
and remove the 1st cert in the list.
- Vishnu