grpc bundles openssl (boringssl) and ships with its own roots.pem. It does not use the system store on iOS. You can either manually add your CA certificate to that file at `pod install`/`pod update` time or, preferably, configure grpc to use your in-house CA when you create the GRPCCall via https://github.com/grpc/grpc/blob/36b47ce0de60754cf14258e15d25dd2d1bb5abe0/src/objective-c/GRPCClient/GRPCCall%2BChannelCredentials.h#L24
GRPC_TRACE=all will surface some errors that you can use. They show up in the log in Xcode if you have All Output selected.

David

On Mon, Apr 22, 2019 at 1:36 PM Rob Cecil <[email protected]> wrote:

> I have an existing implementation of a c#-based Grpc server (running on
> Windows 10 Server), and an iOS/Objc-based grpc client and I can successfully
> connect, login, make calls, etc. My issue is switching from nonsecure to
> SSL, using the same network Name & port, etc.
>
> I'm using self-signed server certificates, and I distribute the CA Cert
> that I created for my org to the test iOS device (via email) and install
> the Profile and make sure it is valid and activated in iOS Settings.
>
> When I enable SSL in the client and server, I cannot connect. There is no
> discernable error on either side. The connect aborts right away.
>
> I am following roughly the same steps here to initialize and start the C#
> Server:
>
> https://stackoverflow.com/questions/37714558/how-to-enable-server-side-ssl-for-grpc
>
> Here's my relevant code snippet:
>
>     ServerCredentials credentials = ServerCredentials.Insecure;
>     if (cfg.UseSSL)
>     {
>         var cacert = File.ReadAllText(cfg.CACertLocation);
>         var servercert = File.ReadAllText(cfg.ServerCertLocation);
>         var serverkey = File.ReadAllText(cfg.ServerKeyLocation);
>         var keypair = new KeyCertificatePair(servercert, serverkey);
>         credentials = new SslServerCredentials(
>             new List<KeyCertificatePair> { keypair }, cacert, false);
>     }
>
>     var server = new Server
>     {
>         Services =
>         {
>             BackendService.BindService(wanderBackendServiceImpl),
>             ManagementService.BindService(management)
>         },
>         Ports = { { hostAddress, port, credentials } }
>     };
>
>     server.Start();
>
> On the iOS side, it is simply a matter of not turning on Insecure mode on the
> relevant Grpc class (i.e. by default SSL is enabled).
>
> I am not using Mutual SSL/TLS - the client should just attempt to validate
> the server certificate using CA cert it has been signed with (both server &
> CA are created internally at my org).
>
> How do I diagnose my problem? I've been looking at:
>
> https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md
>
> But I am not sure where such log information would be by default
> generated. Event Log?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "grpc.io" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/grpc-io.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/grpc-io/1b700a9b-edba-4212-95da-03c0c35c634d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
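
The per-host CA configuration recommended in the reply above, as an added Objective-C example (not code from this thread or from the gRPC project). It assumes the `setTLSPEMRootCerts:forHost:error:` class method declared in the linked `GRPCCall+ChannelCredentials.h` header; the host, resource name, error domain and function name are hypothetical.

```objc
#include <stdlib.h>
#import <Foundation/Foundation.h>
#import <GRPCClient/GRPCCall+ChannelCredentials.h>

// Hypothetical values: use the same host:port string the service object is
// created with, and the resource name of the CA certificate (public part
// only, never the CA key) bundled with the app as org-ca.pem.
static NSString *const kBackendHost = @"backend.example.internal:50051";
static NSString *const kCAResource = @"org-ca";

// Call once at startup, before the first call to kBackendHost is created.
static BOOL ConfigureInHouseCA(NSError **error) {
  // Tracing mentioned in the reply; output appears in the Xcode console.
  setenv("GRPC_TRACE", "all", 1);
  setenv("GRPC_VERBOSITY", "DEBUG", 1);

  NSString *path = [[NSBundle mainBundle] pathForResource:kCAResource
                                                   ofType:@"pem"];
  NSString *pem = path ? [NSString stringWithContentsOfFile:path
                                                   encoding:NSUTF8StringEncoding
                                                      error:error]
                       : nil;
  // Fail closed: a missing or non-PEM file must not silently fall back
  // to the bundled roots.pem, which does not contain the in-house CA.
  if (pem == nil ||
      [pem rangeOfString:@"-----BEGIN CERTIFICATE-----"].location == NSNotFound) {
    if (error != NULL && *error == nil) {
      *error = [NSError errorWithDomain:@"ExampleTLSConfig"  // hypothetical domain
                                   code:1
                               userInfo:@{NSLocalizedDescriptionKey :
                                            @"CA PEM missing or malformed"}];
    }
    return NO;
  }
  // Trust this CA for this host only; other hosts keep gRPC's default roots.
  return [GRPCCall setTLSPEMRootCerts:pem forHost:kBackendHost error:error];
}
```

The server certificate must also carry the name the client connects to, since trusting the CA does not bypass host name verification.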
