How to enable self signed certificate at grpc client

3,727 views
Skip to first unread message

shikhach...@gmail.com

unread,
Dec 17, 2015, 10:08:53 PM12/17/15
to grpc.io
Hello , 

My server is using a self signed certificate & grpc client is giving the following during handshake:

E1216 05:45:26.207948842    9635 ssl_transport_security.c:838] SSL_get_error :1.
E1216 05:45:26.207969849    9635 ssl_transport_security.c:852] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL 
routines:ssl3_get_server_certificate:certificate verify failed.
E1216 05:45:26.207973991    9635 secure_transport_setup.c:219] Handshake failed with error TSI_PROTOCOL_FAILURE
E1216 05:45:26.207978320    9635 secure_channel_create.c:85] Secure transport setup failed with error 2.

Can somebody suggest what am i missing ?


-Thanks
Shikha

Michael Lumish

unread,
Dec 17, 2015, 10:10:34 PM12/17/15
to shikhach...@gmail.com, grpc.io
Have you set your client up to recognize the self-signed certificate?

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/5866d55e-d9b2-4274-844b-5d363322eab7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michael Larson

unread,
Dec 17, 2015, 10:27:55 PM12/17/15
to grpc.io
this repo (from another list member) shows the steps needed to use a self-signed certificate for both server and client, and includes a shell script to walk you through creating the certs too

it's in ruby but the function calls are pretty much the same in the other c wrappers

To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CAPK2-4e%3DHjEw%3DrdSNW7T11%3DR%3DguZigOsOumA3-i3240MMgkxEg%40mail.gmail.com.

shikhach...@gmail.com

unread,
Dec 17, 2015, 10:46:41 PM12/17/15
to grpc.io
Hey ,

Can you re-post the link , the current one isn't working .

-Thanks

shikhach...@gmail.com

unread,
Dec 17, 2015, 10:57:08 PM12/17/15
to grpc.io, shikhach...@gmail.com

How to do that ? 
- I have just copied 
 https://pki.google.com/roots.pem into the env variable , but a
s my server is not using a certificate signed by a CA , so this will not help.
- Some setting at client am i missing ?
 #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \   "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"



Client code snippet : 

      SslCredentialsOptions ssl_opts = {"", "", ""};
   
      Client greeter(grpc::CreateChannel(std::string(argv[2])+":ABCD", SslCredentials(ssl_opts), ChannelArguments()));
      

-Thanks

shikhach...@gmail.com

unread,
Dec 17, 2015, 11:02:58 PM12/17/15
to grpc.io, shikhach...@gmail.com
I am using C++.
Reply all
Reply to author
Forward
0 new messages