I'm facing a similar issue.Was this resolved by any means??? On Wednesday, June 14, 2017 at 1:50:53 AM UTC+5:30 AK wrote:
> Following one of group member's help as below I was able to create SSL/TLS > based client-server. > > You need to mint the certificate for the same CN as you connect to. > > 1. Create a server private key. This is what the server needs to have, it's > super-secret. > 2. Create a server certificate with CN=localhost, self-signed. This is > what the server and the client needs to have, it's public. > 3. In the client, use the server certificate (*not* the key) as a "roots". > This will tell your client to trust servers using that certificate - but > only if the CN matches the address you connect to. > 4.In the client, connect to localhost. > > > At that time, gRPC only supported certificates created with hostname value > for CN. Now that gRPC 1.4.x supports Subject Alternate Names (SAN), IP > address can also be used to connect to server. But, I am having problem > with SANs. The moment I supply the certificates created with SAN I get the > following error. > > E0613 13:01:34.755411031 26365 ssl_transport_security.c:925] Handshake > failed with fatal error SSL_ERROR_SSL: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. > > Greeter received: RPC failed > > Here is the process I used to create certificates > > mypass="pass123" > > echo Generate server key: > > openssl genrsa -passout pass:$mypass -des3 -out server.key 4096 > > > echo Generate server signing request: > > openssl req -passin pass:$mypass -new -key server.key -out server.csr -config > ssl.cfg > > > echo Self-sign server certificate: > > openssl x509 -req -passin pass:$mypass -days 365 -in server.csr -signkey > server.key -set_serial 01 -out server.crt -extension v3_req -extfile ssl.cfg > > > echo Remove passphrase from server key: > > openssl rsa -passin pass:$mypass -in server.key -out server.key > > > I am wondering what mistake did I do in the above key-certificate creation > steps ? > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/1637aacf-fba9-4fb9-9e6f-bede640ebf51n%40googlegroups.com.
