Use JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption

[ran...@addepar.com]

Hi

Does anyone know how to use  JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption?

[Eric Anderson]

Make a KeyManagerFactory for the JKS and then pass it to gRPC with something like this:

NettyChannelBuilder.forPort(0)

    .sslContext(GrpcSslContexts.configure(SslContextBuilder.forServer(keyManagerFactory)).build())

    .build();

SslContextBuilder is from Netty.

On Tue, Apr 25, 2017 at 11:55 AM, ran.bi via grpc.io <grp...@googlegroups.com> wrote:

Hi

Does anyone know how to use  JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption?

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/6445ec80-4098-488a-8459-956b55a72fe0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ran Bi]

Does client need the same ssl context?

On Tue, Apr 25, 2017 at 1:52 PM Eric Anderson <ej...@google.com> wrote:

Make a KeyManagerFactory for the JKS and then pass it to gRPC with something like this:

NettyChannelBuilder.forPort(0)

    .sslContext(GrpcSslContexts.configure(SslContextBuilder.forServer(keyManagerFactory)).build())

    .build();

SslContextBuilder is from Netty.

On Tue, Apr 25, 2017 at 11:55 AM, ran.bi via grpc.io <grp...@googlegroups.com> wrote:

Hi

Does anyone know how to use  JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption?

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

[Eric Anderson]

If you want to use TLS client certificates or the server's certificate isn't trusted by the default root (i.e.., it is self signed or you've made your own certificate authority), then yes. But most of the time you don't need to specify an sslContext on client-side and just let gRPC use its default.

On Tue, Apr 25, 2017 at 4:43 PM, Ran Bi <ran...@addepar.com> wrote:

Does client need the same ssl context?

On Tue, Apr 25, 2017 at 1:52 PM Eric Anderson <ej...@google.com> wrote:

Make a KeyManagerFactory for the JKS and then pass it to gRPC with something like this:

NettyChannelBuilder.forPort(0)

    .sslContext(GrpcSslContexts.configure(SslContextBuilder.forServer(keyManagerFactory)).build())

    .build();

SslContextBuilder is from Netty.

On Tue, Apr 25, 2017 at 11:55 AM, ran.bi via grpc.io <grp...@googlegroups.com> wrote:

Hi

Does anyone know how to use  JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption?

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.

[Ran Bi]

I see.

Thanks so much for the quick reply, Eric! 

On Wed, Apr 26, 2017 at 8:07 AM 'Eric Anderson' via grpc.io <grp...@googlegroups.com> wrote:

If you want to use TLS client certificates or the server's certificate isn't trusted by the default root (i.e.., it is self signed or you've made your own certificate authority), then yes. But most of the time you don't need to specify an sslContext on client-side and just let gRPC use its default.

On Tue, Apr 25, 2017 at 4:43 PM, Ran Bi <ran...@addepar.com> wrote:

Does client need the same ssl context?

On Tue, Apr 25, 2017 at 1:52 PM Eric Anderson <ej...@google.com> wrote:

Make a KeyManagerFactory for the JKS and then pass it to gRPC with something like this:

NettyChannelBuilder.forPort(0)

    .sslContext(GrpcSslContexts.configure(SslContextBuilder.forServer(keyManagerFactory)).build())

    .build();

SslContextBuilder is from Netty.

On Tue, Apr 25, 2017 at 11:55 AM, ran.bi via grpc.io <grp...@googlegroups.com> wrote:

Hi

Does anyone know how to use  JKS (Java KeyStore) file rather than key + cert for grpc-java ssl encryption?

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/6445ec80-4098-488a-8459-956b55a72fe0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "grpc.io" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grpc-io/cRPysB5AcMU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.

To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oPNms3dp3jpFrRGGneNGGMHtdGts1DHP9f4BfZQ_u-AWw%40mail.gmail.com.

[Jeff Gaer]

I'm confused by the answer. I build my server using the following code.

server = ServerBuilder.forPort(port). useTransportSecurity(certFile, keyFile).addService(this).build().start();

I don't see anyway to set the channel on the ServerBuilder.

[Mark Chesnavsky]

Jeff, you need to use NettyServerBuilder, rather than ServerBuilder

среда, 24 марта 2021 г. в 16:23:11 UTC+3, Jeff Gaer: