diff --git a/google/resource_compute_ssl_certificate.go b/google/resource_compute_ssl_certificate.go
index 796f23f6..452a8be9 100644
--- a/google/resource_compute_ssl_certificate.go
+++ b/google/resource_compute_ssl_certificate.go
@@ -49,10 +49,11 @@ func resourceComputeSslCertificate() *schema.Resource {
 				Sensitive: true,
 			},
 			"private_key": {
-				Type:      schema.TypeString,
-				Required:  true,
-				ForceNew:  true,
-				Sensitive: true,
+				Type:             schema.TypeString,
+				Required:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: sha256DiffSuppress,
+				Sensitive:        true,
 			},
 			"description": {
 				Type:     schema.TypeString,
diff --git a/google/utils.go b/google/utils.go
index 2ada16b0..67883350 100644
--- a/google/utils.go
+++ b/google/utils.go
@@ -3,6 +3,8 @@
 package google
 
 import (
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"log"
 	"strings"
@@ -179,6 +181,12 @@ func ipCidrRangeDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
 	return false
 }
 
+// sha256DiffSuppress
+// if old is the hex-encoded sha256 sum of new, treat them as equal
+func sha256DiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+	return hex.EncodeToString(sha256.New().Sum([]byte(old))) == new
+}
+
 func caseDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
 	return strings.ToUpper(old) == strings.ToUpper(new)
 }