Hello,
We are currently facing an issue with trying to connect our PHP gRPC client with SSL to our Java gRPC server. The gRPC service we are trying to connect to is running on a service mesh (linkerd/namerd), and the call first hits a linkerd instance that routes to the service. When we run a Java client using the trusted certificate, it is able to connect to the server; however, with a Python and PHP client, the SSL connection fails even with the same cert. Java client code: ManagedChannel channel = NettyChannelBuilder.forAddress(host, port) .overrideAuthority(‘cert-common- name’) .sslContext(GrpcSslContexts. forClient().trustManager(new File(‘path/to/cert’)).build()) .build(); Python code: credentials = grpc.ssl_channel_credentials(open(‘path/to/cert’).read()) channel = grpc.secure_channel(host + str(port), credentials, options=(( 'grpc.default_authority', ‘cert-common-name’,),)) PHP code: $channel_credentials = \Grpc\ChannelCredentials::createSsl(file_get_contents (‘path/to/cert’)); $channel = new \Grpc\Channel($hostname, [ 'grpc_target_persist_bound' => 2, 'grpc.default_authority' => ‘cert-common-name’, 'credentials' => $channel_credentials ]); We are interested in fixing the problem for PHP at the moment. Our PHP client runs in a CentOS 7 docker container with nginx + php-fpm. We have tried to make the OS trust the certificate by using update-ca-trust. Running *openssl s_client -connect host:port* returns: > > verify error:num=2:unable to get issuer certificate We receive the following error when calling the server with the created client for PHP: ssl_transport_security.cc:1229] Handshake failed with fatal error > SSL_ERROR_SSL: error:1000007d:SSL > routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED With the gRPC logs, we can see that the connection fails when it tries to call the security handshake. We are not sure why the Java client is able to connect to the server while the PHP and Python clients cannot with the same cert. Has anyone ran into these issues before? It would be helpful if anyone has some information on this as this is currently a high priority blocker for us. Thank you. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/ce0546a9-8a0e-41b1-9f0d-25ff2a415d8b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.