Google Cloud Certificate Manager (including ACME CA) is now on public beta

I've seen yesterday this post on Google Cloud's blog:

This means that anyone can now obtain SSL certificates from Google Trust Services, and not just people who have signed up for the private beta. Asked via the GTS contact email if:

  1. The service will be 100% free.
  2. They have plans to support a full-ECDSA certificate chain (just like Let's Encrypt's E1 → ISRG Root X2).

Will post here when I have an answer from them. What do you think about this? Will anyone give it a try, now that it's in Public Beta?

I've also made this blog post explaining this release and how to configure it..

Update: I've received an answer to the email. Posted below.

3 Likes

looks like it still need to regiester a gcloud account to get EAB: will they sign something other then db certificate later?

5 Likes

Yes, it's still a requirement, and probably will be even after the beta.

1 Like

IMHO, it is not worth trying due to Google's extensive history of abruptly discontinuing products that do not perform well enough for their own metrics.

Personally, I won't be using it because I avoid Google services whenever possible.

6 Likes

I've just received a response from Google Trust Services:

Hi Lumito,

Thanks for using GTS! Please find our answers below:

  1. To the best of my knowledge, we do not have plans to request payment for this service in the near future.

  2. A full ECDSA chain is in our plans. I cannot say when exactly it will be available though.

Best Regards,
The GTS Team

4 Likes

I have no great love for Google myself either, but I think more CAs using ACME is certainly a Good Thing, as it makes it easier to just switch to another CA if needed or desired. That is, if some does use Google, and then it gets discontinued, it should be fairly easy to just switch to some other CA (like Let's Encrypt, sure, but several others too).

7 Likes