Generate SSL Certificate for Google Cloud Firebase for IoT device - firebase

I have an IoT device which is capable of making HTTPS requests, but currently it doesn't have SSL client and root certificates.
The IoT device (2G GPRS module) will perform requests to authenticate with Google Firebase, and write and read documents in the Firebase database.
I am trying to generate SSL certificates using openssl.
I need input on the parameter below:
Common Name (e.g. server FQDN or YOUR name) []:
What should I enter as the common name for Google Firebase?

Related

Reusing custom domain between GCP and Firebase

I am planning to host 2 webapps using Firebase Hosting: example.com and dev.example.com. For corresponding APIs, I have 2 projects on GCP (using managed instance groups and a load balancer) with custom domains: api.example.com and dev-api.example.com.
Is it possible to have a setup where subdomains of the custom domain example.com can be split/used across Firebase and GCP load balancer? I thought this is a popular setup but can't find any documentation/howto around this. I am using Google Domains as the domain provider for example.com and using Google Managed SSL certificates as well. All the projects belong to one account.
Assuming that you are using a Classic HTTPS Load Balancer with your GCP project, you may get your Firebase Hosting linked to your LB as an additional backend through Internet Network Endpoint Group so all of them can be reached through the same Load Balancer IP.
To do this,
Edit the current Load Balancer and go to Backend configuration
Create a Backend Service, under Backend type, select Internet Network Endpoint Group
Under Backends > New Backend, Create Internet Network Endpoint Group. This will take you to Network endpoint groups under Compute Engine
Under New network endpoint > Add through, you may select IP and port or Fully qualified domain name and port. Just supply the correct FQDN or IP of your Firebase hosting and the port that your Firebase hosting is listening on, then Create.
Finish creating the backend service using the Internet network endpoint group that you created as Backend Type
Under Host and Path rules, click +Add Host and Path Rule, then fill out the Host field with the domain of your Firebase hosting. For Path, just put /*. Then select the Internet network endpoint group that you created as Backend.
I am also under the assumption that your Google Managed Certificate is also deployed within the Load Balancer. If this is the case, then you may provision another Google Managed SSL certificate and include all 4 domains:
example.com
dev.example.com
api.example.com
dev-api.example.com
Once done, you may create A records with the Load Balancer's IP address for each domain. This is to ensure that the requests will be forwarded to the correct backend, as opposed to just creating CNAMEs, which will always forward the request to the root domain (example.com) and not to their intended backends. The LB should be able to forward requests based on the domain being accessed.

In Transit Encryption

I'm currently developing an application for a client and their requirement is that the application needs in-transit and at-rest encryption. I assured them that it has both, and was required to provide documentation for that. I referenced this documentation from Google Cloud's website. They replied by asking if my claim stands in light of the following section:
Using a connection directly to a VM using an external IP or network load balancer IP
If you are connecting via the VM's external IP, or via a network-load-balanced IP, the connection does not go through the GFE. This connection is not encrypted by default and its security is provided at the user's discretion
My mobile application uses Firebase SDK to talk to the Firebase database and Firebase functions. I have no background in networking nor do I understand what is exactly being referenced here despite Googling the concepts. Is my data still encrypted? Does the above section apply to my use case?
No, that applies only to VMs and network load balancers. Both Cloud Functions (so long as you're using https for all requests) and the Firebase Realtime database encrypt data in transit.

Mesibo-How requests are routed when switched from Cloud server to OnPrem

We are evaluating mesibo for in-app messaging within our SaaS application. We would need an on-prem setup to comply with data compliance requirements.
One clarification we need in this regard: when we switch from the cloud to the on-prem setup, the client-side code still continues to use the https://mesibo.com URL. In this case we believe all the traffic gets routed to our on-prem server via the Mesibo server.
Please confirm whether this understanding is right. If so, would there be any data residing on the Mesibo server? This clarification is required for us to respond to our customers.
Thanks
No, once you enable on-premise, your client directly connects to your on-premise server. You can verify it using the netstat utility. mesibo cloud will have no access to your data.
Refer to the following to learn more: https://mesibo.com/documentation/faq/on-premise/#do-i-need-to-change-or-recompile-my-apps-to-run-with-mesibo-on-premise
Mesibo APIs support both cloud and on-premise. By default, it connects
to the cloud. However, if the app is configured to be on-premise, the
mesibo cloud will refuse to serve and will ask the client to connect
to an on-premise server, and will disconnect. Then onward, the client
will directly connect to the on-premise server and then all the
messages and calls will route to your mesibo on-premise server.

What certificate is needed to connect to firebaseio.com?

I have written my own code to connect to Firebase via the REST interface. Recently I have been unable to connect to firebaseio.com because the secure connection cannot be established with the CA certificate I am using.
I am still able to create a secure connection to googleapis.com to handle the login authentication and get the tokens I need for communication.
How do you determine what certificate is needed to validate the connection? I have tried a few of the root CA certs available at https://pki.goog/repository/ but they do not seem to work for firebaseio.com.
Wireshark to the rescue! I was able to see the names of the certificates being passed to my device. Firebaseio.com is using one of the certs in this list that I had not tried yet.
After adding that one I was able to connect. How often does Firebase change these certificates? What is the proper method to keep my device up to date with the latest certificates?
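The identification step described in this post can also be read from the handshake without a packet capture. As an added example (not part of the original post), the code below parses the "Certificate chain" section printed by `openssl s_client -connect HOST:443 -showcerts` and reports the issuer of the last certificate the server sends, which names the CA certificate the device's trust store must hold. The sample output, host and CA names are constructed placeholders, the function names are hypothetical, and the server is assumed to send its chain in order.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output; every name in it
# is a placeholder, not a real Firebase or Google certificate.
SAMPLE_S_CLIENT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = device-api.example
   i:C = US, O = Example Trust Services, CN = Example Intermediate CA 1
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
-----BEGIN CERTIFICATE-----
(constructed placeholder, body omitted)
-----END CERTIFICATE-----
 1 s:C = US, O = Example Trust Services, CN = Example Intermediate CA 1
   i:C = US, O = Example Trust Services, CN = Example Root R1
---
Server certificate
"""

_SUBJECT = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:<subject DN>"
_ISSUER = re.compile(r"^\s+i:(.*)$")            # "   i:<issuer DN>"


def parse_chain(s_client_output):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    chain, in_chain, pending = [], False, None
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":
            break                                # end of the chain section
        elif in_chain:
            subj, iss = _SUBJECT.match(line), _ISSUER.match(line)
            if subj:
                pending = (int(subj.group(1)), subj.group(2).strip())
            elif iss and pending:
                chain.append((pending[0], pending[1], iss.group(1).strip()))
                pending = None                   # PEM and a:/v: lines are ignored
    return chain


def required_trust_anchor(s_client_output):
    """Issuer DN of the highest certificate sent: the CA the client must trust."""
    chain = parse_chain(s_client_output)
    if not chain:
        raise ValueError("no certificate chain found in input")
    # If the top certificate is self-signed, the server sent the root itself and
    # its issuer equals its subject; the returned name is still the anchor.
    return max(chain, key=lambda cert: cert[0])[2]
```

Running this against each endpoint the device talks to shows whether firebaseio.com and googleapis.com chain to the same root or to different ones.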

Firebase Hosting - Compute Engine Server HTTPS & Certificates

I have:
a website hosted on Firebase, implemented around the ReactJS Framework
a server with a REST API deployed on Google Compute Engine
Because Firebase Hosting is served through https, it is required that Compute Engine also serves the API through https. Of course, if the certificate is self-signed, I would get a silent error in the browser that the connection to the external server is not allowed (certificate warning). I could manually go to that URL and accept the certificate, but that is not an option for production.
It seems like my options are limited to buying a domain, buying an SSL certificate, and creating a load balancer resource in Google Cloud to which I assign the domain and the certificate. I could install the certificate directly on the server, but I would rather have the load balancer in front and switch to http.
The problem is buying a certificate instead of using the https certificate in Firebase. Do I have other options for making this connection work?
Thanks
