Hi all,
I am implementing a GRPC service which must authenticate the clients, so I
set up TLS auth as follows:

    SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(
            serverPrivateKey, serverCertChain)
        .trustManager(serverTrustedCerts)
        .clientAuth(ClientAuth.REQUIRE);
    GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);

In this case serverTrustedCerts is the certificate of our CA, which means
that any certificate signed by this CA is accepted. I need to make this
more restrictive, such that only certain clients are accepted. So I have 2
options:
1. List every single client certificate that I want to allow.
2. Do certificate filtering on the server. All client certificates will
   have a certain known string in the Subject DN field, so if I can get access to
   the certificate, I can regexp for it.
Option 2 is much preferred. How do I do this with GRPC?
thanks,
Eugene
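
One way to do the server-side filtering described in option 2, as an added example that is not part of the original post or of grpc-java itself: a `ServerInterceptor` that reads the client certificate from the TLS session and checks one attribute of the Subject DN. The class name `SubjectDnInterceptor`, the choice of the `OU` attribute and the `trusted-client-<digits>` pattern are assumptions.

```java
import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Denies calls unless the verified client certificate has an allowed OU in its Subject DN. */
public final class SubjectDnInterceptor implements ServerInterceptor {
  // Assumption (not from the post): allowed clients carry OU=trusted-client-<digits>.
  private static final Pattern ALLOWED_OU = Pattern.compile("trusted-client-[0-9]+");

  // Parse the DN into RDNs so the pattern cannot match text placed in another attribute.
  static boolean isAllowed(String subjectDn) {
    try {
      for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
        if ("OU".equalsIgnoreCase(rdn.getType())
            && ALLOWED_OU.matcher(String.valueOf(rdn.getValue())).matches()) {
          return true;
        }
      }
      return false;
    } catch (InvalidNameException e) {
      return false; // unparseable DN: deny
    }
  }

  @Override
  public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
      ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
    SSLSession session = call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
    boolean allowed = false;
    try {
      // Leaf certificate comes first; the TLS handshake already verified the chain.
      Object leaf = session == null ? null : session.getPeerCertificates()[0];
      allowed = leaf instanceof X509Certificate
          && isAllowed(((X509Certificate) leaf).getSubjectX500Principal().getName());
    } catch (SSLPeerUnverifiedException e) {
      // No client certificate was presented: stay denied.
    }
    if (allowed) return next.startCall(call, headers);
    call.close(Status.PERMISSION_DENIED.withDescription("client certificate not allowed"), new Metadata());
    return new ServerCall.Listener<ReqT>() {};
  }
}
```

Register it on the server with `ServerBuilder.intercept(new SubjectDnInterceptor())`. Matching a single parsed attribute with `matches()` rather than searching the whole DN string keeps a crafted value in another field (for example a CN containing the expected text) from passing the check.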