This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Google cloud SQL server-ca.pem for PROD instance

on ‎02-18-2020 01:12 PM

vbalan
Bronze 4
Bronze 4
0 0 235

Hey guys,

Kindly note that the server-ca.pem cert you would download from Google cloud SQL prod instance contains 2 certs. We were trying to use this server-ca.pem to create a truststore jks and verify server certificate in prod via a Java callout and it kept failing with the error "Signature did not match". It took about a week to resolve.

Raised a ticket with Apigee and they were clueless too as to what was happening.

Finally i posted this in the community and a gentleman helped me debug the issue by setting in the switch -Djavax.net.debug=all

I noticed the discrepancy in the dates of the cert that the server was sending and the cert we had in the truststore. Just out of curiosity i opened the server-ca.pem file and found 2 ca certs and one of them had matching dates with the cloud sql cert.

https://community.apigee.com/questions/79365/java-to-cloud-sql-connection-with-setverifyserverc.html...

Hope Google can take a look at their server-ca.pem for the prod instance at 35.235.75.142:3306

and remove the 1st cert in the list.

- Vishnu

Topic Labels
0 Likes
Version history
Last update:
‎02-18-2020 01:12 PM
Updated by:
Bronze 4