For the chain of trust to work, you must ensure that the server is presenting 
the right cert to the client and the client has the Comodo root cert in its 
trust store. Ensure that you are using the right cert file in the client 
dial: creds, _ := credentials.NewClientTLSFromFile(certFile, ""). This 
cert file must have the Comodo root cert. Similarly, ensure that the server is 
using the correct cert and private key file in creds, _ := 
credentials.NewServerTLSFromFile(certFile, keyFile).

On Thursday, April 16, 2020 at 5:07:20 PM UTC-7 mauricio...@lacity.org 
wrote:

> We implemented a gRPC server in Golang and we’re using a Comodo wildcard 
> certificate. Everything was going along well until we were audited and 
> told the chain of trust on our gRPC ports could not be verified. Have 
> looked at tons of example configs and code samples but we can’t seem to 
> clear this issue. We are using testssl.sh 
> <https://github.com/drwetter/testssl.sh> to test our TLS config and no 
> matter what we do it keeps giving us chain of trust issues. 
>
> We started with the basic server with self-signed certs but we’re dinged 
> for self-signed. Moved to the Comodo cert but now chain of trust issue. 
> Any pointers appreciated 
>
