SSL Certificate Management for GCP Load Balancer During Recovery

Cloud Rewind does not recover or recreate load balancer SSL certificates during the recovery process.

The following are some of the reasons why Cloud Rewind does not recover load balancer SSL certificates:

  • No access to private keys: SSL certificates are linked to private keys, which are held exclusively and are essential for decrypting and securing communications. Cloud Rewind does not have access to these private keys, as GCP restricts access to them to mitigate significant security risks. Consequently, Cloud Rewind cannot recover SSL certificates because the private key is crucial for their complete functionality.

  • Security best practices: As a best practice in the industry, you should always manage private keys and SSL certificates to keep sensitive cryptographic material secure. It is standard across cloud platforms to tightly control your SSL certificates.

Integration of Cloud Rewind with SSL Certificate Infrastructure During Recovery

While Cloud Rewind cannot directly recreate load balancer SSL certificates during the recovery process, read on to understand how the integration process works for the following SSL certificate types.

Global SSL Certificates

  • If you are using a global SSL certificate, Cloud Rewind can automatically map the existing certificates to the recovered load balancer.

  • Since global certificates are not region-specific, Cloud Rewind will automatically detect and utilize the certificates during recovery of the load balancer, ensuring that the same certificate is applied for secure traffic handling post-recovery.

Regional SSL Certificates

  • For regional SSL certificates, you should also create the same certificate in the recovery region.

  • During the recovery process, Cloud Rewind will identify the SSL certificate by its name in the recovery region. Therefore, ensure that the certificate is created with the same name in the new region.

  • Once Cloud Rewind identifies the certificate by name in the recovery region, it will map the certificate to the recovered load balancer to restore secure connections.

Cross-Project SSL Certificates

  • In a cross-project recovery scenario, the same logic as for regional certificates applies. Create the same SSL certificate in the recovery region of the destination project, and Cloud Rewind will detect and map it to the load balancer by name.

  • Ensure that SSL certificates are correctly recreated in the destination project with the same names used in the source project.

Best Practices for SSL Certificate Integration

The following best practices are recommended to ensure a smooth recovery of SSL certificates:

  1. Back up all SSL certificates securely.

  2. Create regional SSL certificates in advance in any regions you may wish to recover to.

  3. Maintain consistent certificate names across regions and projects for seamless mapping during the recovery process.
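
A pre-recovery check for the name-based mapping described above, as an added example (not Cloud Rewind or GCP code): it compares two certificate inventories, such as the JSON from `gcloud compute ssl-certificates list --format=json` run in the source and destination projects, and reports regional certificates that a lookup by name in the recovery region would miss. The project names, regions, certificate names and dates are constructed sample values, and the hostname and expiry checks are assumptions added here, beyond the name match the page requires.

```python
from datetime import datetime, timezone

def region_of(cert):
    """Region name taken from the cert's region URL; None for a global certificate."""
    return cert["region"].rsplit("/", 1)[-1] if cert.get("region") else None

def recovery_gaps(source_certs, source_region, recovery_certs, recovery_region, now):
    """Map each regional source cert name to the reason a name-based lookup in
    the recovery region would fail or pick an unusable cert. Empty dict = ready."""
    recovery = {c["name"]: c for c in recovery_certs
                if region_of(c) == recovery_region}
    gaps = {}
    for src in source_certs:
        if region_of(src) != source_region:
            continue  # global certs and other regions are out of scope here
        dst = recovery.get(src["name"])
        if dst is None:
            gaps[src["name"]] = "no certificate with this name in recovery region"
        elif set(dst.get("subjectAlternativeNames", [])) != set(
                src.get("subjectAlternativeNames", [])):
            gaps[src["name"]] = "same name but different hostnames (SANs)"
        elif datetime.fromisoformat(dst["expireTime"]) <= now:
            gaps[src["name"]] = "certificate in recovery region has expired"
    return gaps

def _cert(name, region, sans, expires, project):
    # Constructed sample record using Compute API sslCertificates field names.
    rec = {"name": name, "subjectAlternativeNames": sans, "expireTime": expires}
    if region:
        rec["region"] = ("https://www.googleapis.com/compute/v1/projects/"
                         f"{project}/regions/{region}")
    return rec

# Constructed inventories: source project/region and a cross-project recovery target.
SOURCE = [
    _cert("web-cert", "us-central1", ["www.example.com"], "2025-09-01T00:00:00.000-07:00", "example-src"),
    _cert("api-cert", "us-central1", ["api.example.com"], "2025-09-01T00:00:00.000-07:00", "example-src"),
    _cert("admin-cert", "us-central1", ["admin.example.com"], "2025-09-01T00:00:00.000-07:00", "example-src"),
    _cert("global-cert", None, ["example.com"], "2025-09-01T00:00:00.000-07:00", "example-src"),
]
RECOVERY = [
    _cert("web-cert", "us-east1", ["www.example.com"], "2025-09-01T00:00:00.000-07:00", "example-dr"),
    _cert("api-cert-east", "us-east1", ["api.example.com"], "2025-09-01T00:00:00.000-07:00", "example-dr"),
    _cert("admin-cert", "us-east1", ["admin.example.com"], "2024-11-01T00:00:00.000-07:00", "example-dr"),
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the sample is repeatable

if __name__ == "__main__":
    for name, reason in recovery_gaps(SOURCE, "us-central1", RECOVERY, "us-east1", NOW).items():
        print(f"{name}: {reason}")
```

In the sample, `api-cert` is reported because its copy was created as `api-cert-east`, and `admin-cert` because the copy staged in the recovery region has expired.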
