Ensure that your external Application Load Balancers (ALBs) are configured to Google-managed SSL certificates instead of self-signed certificates in order to avoid triggering browser warnings and adding distrust for users visiting your site.
Google-managed SSL certificates offer several advantages over self-signed ones for external Application Load Balancers. They provide automatic renewal, eliminate the need for manual management, and are trusted by most modern browsers, ensuring better compatibility and security. Additionally, they offer built-in support for advanced features like HTTP/2 and QUIC, enhancing performance and user experience. Google-managed SSL certificates offer a more secure, automated, and user-friendly approach.
Audit
To determine if your external Application Load Balancers are using Google-managed SSL certificates, perform the following operations:
Remediation / Resolution
To configure Google-managed SSL certificates for your external Application Load Balancers (ALBs), perform the following operations:
References
- Google Cloud Platform (GCP) Documentation
- SSL certificates overview
- Use Google-managed SSL certificates
- Encryption from the load balancer to the backends
- External Application Load Balancer overview
- Request routing to a multi-region classic Application Load Balancer
- Set up a classic Application Load Balancer with a managed instance group backend
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Use Google-Managed SSL Certificates for Application Load Balancers
Risk Level: High