gcloud alpha compute ssl-policies create - create a new Compute Engine SSL policy
gcloud alpha compute ssl-policies create SSL_POLICY [--custom-features=[CUSTOM_FEATURES,...]] [--description=DESCRIPTION] [--min-tls-version=MIN_TLS_VERSION; default="1.0"] [--profile=PROFILE; default="COMPATIBLE"] [--global | --region=REGION] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute ssl-policies create creates a new SSL policy.
An SSL policy specifies the server-side support for SSL features. An SSL policy can be attached to a TargetHttpsProxy or a TargetSslProxy. This affects connections between clients and the HTTPS or SSL proxy load balancer. SSL policies do not affect the connection between the load balancers and the backends.
- SSL_POLICY
Name of the SSL policy to create.
- --custom-features=[CUSTOM_FEATURES,...]
A comma-separated list of custom features, required when the profile being used is CUSTOM.
Using CUSTOM profile allows customization of the features that are part of the SSL policy. This flag allows specifying those custom features.
The list of all supported custom features can be obtained using:
gcloud compute ssl-policies list-available-features
- --description=DESCRIPTION
An optional, textual description for the SSL policy.
- --min-tls-version=MIN_TLS_VERSION; default="1.0"
Minimum TLS version. MIN_TLS_VERSION must be one of:
- 1.0
TLS 1.0.
- 1.1
TLS 1.1.
- 1.2
TLS 1.2.
- --profile=PROFILE; default="COMPATIBLE"
SSL policy profile. Changing profile from CUSTOM to COMPATIBLE|MODERN|RESTRICTED will clear the custom-features field. PROFILE must be one of:
- COMPATIBLE
Compatible profile. Allows the broadest set of clients, even those which support only out-of-date SSL features, to negotiate SSL with the load balancer.
- CUSTOM
Custom profile. Allows customization by selecting only the features which are required. The list of all available features can be obtained using:
gcloud compute ssl-policies list-available-features
- MODERN
Modern profile. Supports a wide set of SSL features, allowing modern clients to negotiate SSL.
- RESTRICTED
Restricted profile. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
- At most one of these can be specified:
- --global
If set, the SSL policy is global.
- --region=REGION
Region of the SSL policy to create. Overrides the default compute/region property value for this command invocation.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute ssl-policies create
$ gcloud beta compute ssl-policies create