Hi, I have a gRPC client (C# and Python) using client-side SSL which is terminated in an Istio ingress gateway (envoy) before reaching the service.
When using a genuine certificate from LetsEncrypt everything works fine. However, when the ingress gateway is configured with a self signed SSL certificate, generated from a root CA which has been added to the trust store (keychain/cert-manager) on the client machine, the connection fails: E1029 17:01:45.274918000 123145515409408 ssl_transport_security.cc:1229] > Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL > routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED. Chrome/curl etc will connect to the http services behind the same ingress gateway without SSL warnings (given that the root CA certificate has been added to the trust store). My question is: should gRPC also be using the trust store for client-side SSL? If so, any ideas what I might be doing wrong. Thanks, Mark -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/dabdd83e-1df6-43f1-b926-398565973361%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
