SSL whitelabeling pricing differs depending on the account type. The up-to-date pricing is stored in the Services pricing documentation: Google Drive>Services Customers.

Technical steps for setting up the whitelabeled gateway are:

Generate SSL

Use a client generated SSL

Generate private key and CSR

Use openssl on staging as root with the following command where <domain> is the client domain:

openssl req -out <domain>.csr -new -newkey rsa:2048 -nodes -keyout <domain>.key

Use the following information and no password:

Country Name (2 letter code) [XX]:<country_code_from_account>

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:<account_name>

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:*.<domain>

Email Address []: <default_email_from_account>

Copy key and signing request to Google Drive\Technology Platform\Certificates in a folder named for the client.  Send the key and signing request to the client.

The client needs to use these with their certificate provider to get a certificate and a certificate bundle to send back to us.  The certificates should be in the X.509 PEM format, the same as used by Apache-ModSSL.

Upload certificate to amazon

Use the following command as root on staging to upload the certificates to aws once they are returned by the client:

aws iam upload-server-certificate --server-certificate-name <name_title>2017 --certificate-body file://<domain>.crt --private-key file://<domain>.key --certificate-chain file://<domain>.bundle --path /cloudfront/<name_lower>2017/

Use an amazon SSL

Request the SSL

Go to the Certificate Manager in Amazon (  Click “Request a certificate” and enter * (using the domain of the company).  Select Email authentication and finish the wizard.  This will email all email addresses associated with the domain a request to approve the certificate.  Once the certificate has been approved, proceed with creating a cloudfront.

Create cloudfront

Go to cloud formation in Amazon (  Create a new stack, use this as the template:

Google Drive\Technology Platform\Amazon\new client ssl.yml

The stack name should reflect the client name.  The CloudFrontAlias should be the domain (*  Change the CloudFrontSSLCert to the id for the one you just uploaded. Everything else leave blank/default.

After it has completed, go to Cloud Front in Amazon ( and edit the new cloudfront.

Change the Alternate Domain Names to include something like <domain>

Edit the Origin settings and set the Origin Domain Name to

Setup cname record

Create the cname record to have <domain> point to the cloudfront distribution.

Have client setup cname records

The client will need to setup any cname records they want to use and have them point to the above set up <domain> record.  The cname records they will likely need (at least initially) are:



login (or whatever subdomain they want to use to log into the system)