« Back to home

Playing certificate authority: Using Cloud KMS to sign certificate signing requests

Last time, we looked at how we can use a Cloud KMS asymmetric signing key to create a self-signed X.509 certificate. But we’re not limited to self-signed certificates. We can use Cloud KMS to sign other certificate signing requests too, just like a certificate authority (CA). Continue »

Using a Cloud KMS asymmetric signing key to create an X.509 certificate

After you create an asymmetric signing key in Cloud KMS, you can download the key pair’s public key. The key is provided in PEM format – that’s pretty standard and all you need in many use cases. But especially when dealing with third party services, you sometimes need an X.509 certificate instead of a plain public key. Continue »

About Johannes

Johannes Passing lives in Melbourne, Australia, and works as a Staff Solutions Architect at Google Cloud where he helps customers around the globe make the most of Google Cloud IAM to secure their identities and resources.

Johannes also maintains several open-source projects and is the author of many security best practices published on the Google Cloud website.

Besides IAM, Johannes has a passion for software architecture and lean software development.

Johannes holds an M.Sc. in software systems engineering from Hasso Plattner Institute, is a Google-certitified Professional Cloud Architect and Professional Cloud Security Engineer and is ITILv3- and PRINCE2-certified.

Any opinions expressed on this blog are Johannes' own.

Contact Johannes at jpassing (at) hotmail com