Open sharooksubana opened 2 years ago
@sharooksubana
I'll tell you what I did and what worked for me. First of all, generate certificates as described here: https://lightbend.github.io/ssl-config/CertificateGeneration.html
It shows how to generate a CA certificate, which is later used to sign the server certificate. When you configure your server certificates, the only thing you have to do is to supply the appropriate cacert to the grpcurl invocation. In the case of the aforementioned documentation, it will be exampleca.crt from this section.
Do not forget to add the -ext "SAN=DNS:<put-your-server-address-here>" flag when generating certificates. Otherwise grpcurl will complain that CN is obsolete/deprecated (or sth like that).
@kczulko I don't think this has explained anything at all
It is unclear from the description if you are using client cert authentication. If so, you need to use -cert and -key args. If you are doing that and the server is rejecting the connection due to not trusting the cert, the issue is the server's configuration for trusted certificate authorities (or you are just using an invalid client cert).
Also note that grpcurl requires all of these (client cert and key, or certificate authority certs) to be encoded in PEM format. So if you have certs in a different format, you will need to convert them to PEM (which can likely be done using openssl).
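An added example, not from any poster in this thread or from the grpcurl project, of checking with openssl the three things discussed above: PEM encoding, the chain to the CA passed as -cacert, and the SAN entry. The file names, the host name localhost and port 8443 are assumptions, and the CA and certificates are throwaway ones constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo PKI in a temp directory; nothing here comes from a real server.
set -eu

make_demo_pki() {   # $1 = output dir, $2 = server DNS name
  local d=$1 host=$2
  # Self-signed CA: this is the file handed to grpcurl as -cacert.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Server key and CSR, signed by the CA with the host name in the SAN.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$d/san.ext"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/server.pem" 2>/dev/null
  # Simulate a certificate that was delivered in DER instead of PEM.
  openssl x509 -in "$d/server.pem" -outform DER -out "$d/server.der"
}

# Prints pem, der or unknown for a certificate file.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo pem
  elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then echo der
  else echo unknown; fi
}

# Convert a DER certificate ($1) to PEM ($2).
der_to_pem() { openssl x509 -in "$1" -inform DER -out "$2" -outform PEM; }

# Succeeds only if certificate $2 chains to CA file $1. A failure here is the
# same condition a TLS client reports as "signed by unknown authority".
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds only if certificate $1 lists DNS name $2 in its SAN extension.
has_san() { openssl x509 -in "$1" -noout -text | grep -Eq "DNS:$2(,|\$)"; }

d=$(mktemp -d)
make_demo_pki "$d" localhost
echo "server.der is $(cert_format "$d/server.der")"
der_to_pem "$d/server.der" "$d/converted.pem"
chains_to_ca "$d/ca.pem" "$d/converted.pem" && echo "chain to ca.pem: OK"
has_san "$d/converted.pem" localhost && echo "SAN DNS:localhost: present"
# Assumed invocation against a server using server.pem (port is an assumption):
echo "grpcurl -cacert $d/ca.pem localhost:8443 list"
```

If the chain check fails against the CA file you plan to pass, grpcurl will reject the server for the same reason, whichever application launches it.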
When I try to run the grpc service method using grpcurl, everything works fine, but when I try to execute a command in grpcurl through a 3rd party application, it throws an error saying certificate signed by an unknown authority. I wanted to know which certificate to pass and how to pass it to establish the Secured TLS