Two immediate questions: Did you swap the order of the root cert and the my_cert? When I used openssl verify I had to swap the order. Normally I would call the CA cert the root. I think you need to rename the two certs to each other.
The authority you connect to in your client needs to match the authority in the cert. You are trying to connect to "localhost", but the cert is for "LT-8204PT.cellebrite.local". They have to match. You can either add a DNS entry in your hosts file to point LT-8204PT.cellebrite.local to 127.0.0.1, or you can regenerate the cert for localhost.

On Wednesday, October 17, 2018 at 7:13:38 AM UTC-7, [email protected] wrote:
>
> Hi,
> I am trying to set up a gRPC client and server example on WSL with SSL
> (server authentication only)
>
> I created the following files (following this tutorial:
> https://jsherz.com/grpc/node/nodejs/mutual/authentication/ssl/2017/10/27/grpc-node-with-mutual-auth.html)
>
> *my_root_cert.crt*
>
> *my_private.key (private_key)*
>
> *my_crt.crt (cert_chain)*
>
> And I use them as follows:
>
> *Server Code*
> server.bind('0.0.0.0:50051', grpc.ServerCredentials.createSsl(
>     // root certs
>     Buffer.from(fs.readFileSync("my_root_cert.crt")),
>     [{
>         private_key: Buffer.from(fs.readFileSync("my_private.key")),
>         cert_chain: Buffer.from(fs.readFileSync("my_crt.crt"))
>     }],
>     // checkClientCertificate: server authentication only
>     false));
> server.start();
>
> *Client Code*
> var client = new hello_proto.Greeter('localhost:50051', grpc.credentials.createSsl(
>     Buffer.from(fs.readFileSync("my_root_cert.crt"))
> ));
>
> *Result running the client*
> E1017 16:17:10.176686000 11891 ssl_transport_security.cc:1229] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
>
> *Server error after client made the request*
> I1017 17:06:18.330876700 11925 tcp_custom.cc:217] write complete on 0x2d90750: error="No Error"
> I1017 17:06:18.331029000 11925 resource_quota.cc:873] RQ anonymous_pool_2d8e8d0 ipv4:127.0.0.1:60074: alloc 8192; free_pool -> 0
> I1017 17:06:18.331222900 11925 tcp_custom.cc:174] TCP:0x2d90750 read_allocation_done: "No Error"
> I1017 17:06:18.331411000 11925 tcp_custom.cc:191] Initiating read on 0x2d90750: error="No Error"
> I1017 17:06:18.331593800 11925 completion_queue.cc:954] grpc_completion_queue_next(cq=0x2d9d220, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=(nil))
> I1017 17:06:18.331740200 11925 completion_queue.cc:1054] RETURN_EVENT[0x2d9d220]: QUEUE_TIMEOUT
> I1017 17:06:18.332470400 11925 resource_quota.cc:896] RQ anonymous_pool_2d8e8d0 ipv4:127.0.0.1:60074: free 8192; free_pool -> 8192
> I1017 17:06:18.332555800 11925 tcp_custom.cc:128] TCP:0x2d90750 call_cb 0x2dce3c0 0x7f5d07b63a30:0x2dce1f0
> I1017 17:06:18.332633300 11925 tcp_custom.cc:132] read: error={"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}
> D1017 17:06:18.332712400 11925 security_handshaker.cc:129] Security handshake failed: {"created":"@1539785178.332702700","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]}
> I1017 17:06:18.332782200 11925 tcp_custom.cc:286] TCP 0x2d90750 shutdown why={"created":"@1539785178.332702700","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]}
> I1017 17:06:18.332864100 11925 handshaker.cc:212] handshake_manager 0x2d92650: error={"created":"@1539785178.332702700","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} shutdown=0 index=1, args={endpoint=(nil), args=(nil) {size=0: (null)}, read_buffer=(nil) (length=0), exit_early=0}
> I1017 17:06:18.333795500 11925 handshaker.cc:245] handshake_manager 0x2d92650: handshaking complete -- scheduling on_handshake_done with error={"created":"@1539785178.332702700","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]}
> D1017 17:06:18.333917300 11925 chttp2_server.cc:113] Handshaking failed: {"created":"@1539785178.332702700","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]}
> I1017 17:06:18.334201900 11925 resource_quota.cc:532] RU shutdown 0x2d916c0
> I1017 17:06:18.334281900 11925 completion_queue.cc:954] grpc_completion_queue_next(cq=0x2d9d220, deadline=gpr_timespec { tv_sec: -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=(nil))
> I1017 17:06:18.334347300 11925 completion_queue.cc:1054] RETURN_EVENT[0x2d9d220]: QUEUE_TIMEOUT
>
> *Any idea why the handshake fails?*
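
Added example (not part of the thread, and not the tutorial's or gRPC's own code): the "regenerate the cert for localhost" option and the openssl verify check from the reply, as a POSIX shell script. It builds a throwaway CA and server certificate, then checks chain order, hostname and key/cert pairing. The function names, file names, CA subject and temp directory are constructed for illustration, and openssl is assumed to be on the PATH.

```sh
#!/bin/sh
# Added example: file names, subjects and the temp directory are constructed.

# make_pki DIR HOST: throwaway CA plus a server cert whose SAN is HOST.
make_pki() {
  mkdir -p "$1" || return 1
  # Self-signed CA; clients load ca.crt as their root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  # Server key and signing request.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  # Hostname checks look at subjectAltName first, so list HOST there.
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
  openssl x509 -req -in "$1/server.csr" -days 30 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# chain_ok CA CERT: does CERT verify against CA? The order matters.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# name_ok CA CERT HOST: chain check plus "is CERT valid for HOST?".
name_ok() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null |
    grep -q ': OK$'
}

# key_matches KEY CERT: does the private key belong to the certificate?
key_matches() {
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] &&
    [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
make_pki "$PKI_DIR" localhost
for host in localhost LT-8204PT.cellebrite.local; do
  if name_ok "$PKI_DIR/ca.crt" "$PKI_DIR/server.crt" "$host"; then
    echo "$host: accepted"
  else
    echo "$host: rejected"
  fi
done
```

In the setup from the thread, ca.crt plays the role of the file the client passes to grpc.credentials.createSsl, and server.key with server.crt form the server's private_key and cert_chain pair.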
