Add HTTPS to a custom domain on Google App Engine (and keep HTTP working)

Question

I own a Java application on Google App Engine Java with a custom domain and multiple subdomains.

I'd like to allow one part of my application to be served over https (for example, all the urls of a subdomain or all the urls with /secure/ in path).

The other urls should still be served over http. Our website receive more than 100 req/s and the vast majority of these requests should still work over http.

I fear that by trying to activate https I might block all the http requests which would create a big downtime for our servers.

• Is it possible to do what I'd like with App Engine?
• What is the best way to do it and avoid any downtime?

Thanks!

Answer 1

If someone is interested, here's what I finally did:

• in google apps for my domain, in More controls / Security / SSL for Custom Domains, I activated my app engine app id.

• I activated Virtual IP ($39/month) (but it also works with SNI)

• As I use VIP, I changed the CNAME to redirect all my subdomains to the special CNAME for SSL with VIP (unnecessary with SNI I think)

• I created a key + CSR with OpenSSL. I created a self signed certificate and tested it. It worked but of course, warning message.

• I paid a signing authority for a valid certificate (wildcard for all my subdomains, about 100€/year)

• I added that certificate + intermediate certificate and key in google apps for my domain.

It now works perfectly in both http and https. There wasn't any service disruption at any time for http.

I'll now add some url filter to my app to automatically redirect some http urls to https.