Closed archana-elrod closed 3 years ago
The problem is that you are passing an object of the wrong type to server.bindAsync
(or whatever the corresponding function is). You need to use ServerCredentials.createSsl
. It looks like you may be using credentials.createSsl
, which can only be used on the client.
@murgatroid99 , thank you very much for quick reply.
If I use following ServerCredentials.createSsl as following
credentials: ServerCredentials.createSsl(
fs.readFileSync(join(process.cwd(), 'certificates', 'ca.cert')),
[
{
private_key: fs.readFileSync(
join(process.cwd(), 'certificates', 'service.key'),
),
cert_chain: fs.readFileSync(
join(process.cwd(), 'certificates', 'service.pem'),
),
},
],
true,
)
Then I get following error:
(node:95885) UnhandledPromiseRejectionWarning: TypeError: Channel credentials must be a ChannelCredentials object
at new ChannelImplementation (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@grpc/grpc-js/src/channel.ts:174:13)
at new Client (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@grpc/grpc-js/src/client.ts:150:30)
at new ServiceClientImpl (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@grpc/grpc-js/src/make-client.ts:128:3)
at ClientGrpcProxy.createClientByServiceName (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@nestjs/microservices/client/client-grpc.js:64:28)
at ClientGrpcProxy.getService (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@nestjs/microservices/client/client-grpc.js:30:33)
at HeroController.onModuleInit (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/src/hero/hero.controller.ts:27:36)
at MapIterator.iteratee (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/@nestjs/core/hooks/on-module-init.hook.js:22:43)
at MapIterator.next (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/iterare/src/map.ts:9:39)
at IteratorWithOperators.next (/Users/archanamaharjan/Desktop/dev/practice/grpc-mtls/node_modules/iterare/src/iterate.ts:19:28)
at Function.from (<anonymous>)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:95885) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:95885) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
That error is from the client. You need to use credentials.createSsl
for the client, and ServerCredentials.createSsl
for the server.
Thanks @murgatroid99, I appreciate your help 👍🏽
Separating both server and client resolved the issue for TLS. Hopefully, it'll be same for MTLS as well. Sharing the working repos just in case: grpc-mtls, grpc-mtls-client
Problem description
I'm a newbie to gRPC, and I've been trying to add TLS using the certificates generated by following openssl scripts, however, I'm getting following error, I wonder if I'm missing any config or some parameters for localhost, please let me know what am I doing wrong!
Step 1. Create certificates.conf then add following contents by replacing Country, State and Organization Name
Step 2. Create Root signing Key
Step 3. Generate self-signed Root certificate by replacing Country, State and Organization Names.
Step 4. Create a Key certificate for the Server
Step 5. Create a signing CSR, note create conf file with
Step 6. Generate a certificate for the Server
Reproduction steps
grpc-mtls has replicable issue. Please add "certificates" folder in "grpc-mtls" root folder and add your valid certificates into it or generate one using above scripts.
Environment
Additional context