I have my main domain www.example.com hosted on Route 53 on AWS. I've created the custom domain on Google Cloud sub.example.com and set the appropriate NS records. What I want to do now is create a new managed SSL certificate for this subdomain as shown below:

Is this possible? Is it good practice given that I want to continue adding more subdomains like sub1.example.com and creating a certificate for each one? Since I am keeping example.com hosted at Route 53, I don't think I can create a single managed SSL certificate for all of the possible subdomains that I may have on Google Cloud?
Best Answer
Answer already posted here by John H. Re-posting as a community wiki.
Good choice. Route 53 is a very good service for DNS. If your services will be hosted in AWS even better. If your services will be hosted in Google Cloud, consider changing the Name Servers to Google DNS. All depends on which services you plan to use and where they are located (e.g. cloud vendor, not geo location).
I hope you mean that you changed NS records at the registrar and not within Route 53.
Depends. Google Managed SSL certificates can only be used with Google services such as load balancers. However, the backend services can be anywhere provided that they have public IP addresses. AWS also offers managed SSL certificates for their services such as load balancers, CloudFront, etc. If your goal is to use Google Managed SSL certificates directly on your compute instances, etc. you cannot. Google does not provide the private key that is required for installation and setup of SSL.
Depends. For Google self-managed SSL certificates you can create a single SSL certificate with wildcards and / or specific domain names. If you are a typical user, wildcard certificates are fine (*.example.com). Multiple names are also fine (site1.example.com, site2.example.com, etc.). You can also create individual SSL certificates for each domain name. For the www domain name, typically you want to create a certificate with two names (example.com and www.example.com). For financial institutions, etc. usually EV (Extended Validation) certificates are used (which Google does not offer).
Google Managed SSL certificates have limitations over standard SSL certificates:
Route 53 had no impact on your choice or strategy for SSL certificates. Route 53 is a DNS server that resolves DNS names. SSL (TLS / HTTPS) is a protocol that is not affected by or managed by Route 53.
Google Managed SSL certificates are limited to one name per certificate. Google Self-managed SSL certificates can have multiple names per certificate.
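
An added example, not part of the original answer: a Python check of which planned hostnames a certificate's name list covers, for comparing the wildcard, multi-name and one-name-per-certificate options before issuing anything. The hostnames are constructed from the question's placeholder domain, and the function names are hypothetical; the wildcard rule is the one TLS clients apply (RFC 6125).

```python
# Added example: which hostnames does a certificate's name list (SANs) cover?
# Wildcard rule applied by TLS clients (RFC 6125): "*" is honoured here only
# as the entire left-most label, and it stands in for exactly one label.

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate name (exact or wildcard) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # different depth: a wildcard never spans extra labels
    if p[0] == "*":
        # Conservative assumption: wildcard needs a parent of two or more labels.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "f*.example.com" are treated as unsupported.
    return "*" not in pattern and p == h


def uncovered(cert_names, hosts):
    """Return the hosts that no name in cert_names covers."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data using the question's placeholder domain.
PLANNED_HOSTS = ["example.com", "www.example.com", "sub.example.com",
                 "sub1.example.com", "api.sub.example.com"]

CANDIDATES = {
    "wildcard only": ["*.example.com"],
    "wildcard + apex": ["*.example.com", "example.com"],
    "two names (apex + www)": ["example.com", "www.example.com"],
    "one name per certificate": ["sub.example.com"],
}

if __name__ == "__main__":
    for label, names in CANDIDATES.items():
        print(f"{label:26} missing: {uncovered(names, PLANNED_HOSTS) or 'none'}")
```

The "wildcard only" row shows why a www certificate typically carries two names: `*.example.com` covers neither the bare `example.com` nor a deeper name such as `api.sub.example.com`.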