The original question says that you want to protect against MITM attack and there's no way of doing that without making sure that you are talking to the right backend (and that's why the server's cert needs to be signed by the CA , so the client can tell it's not talking to a fake server).
AFAIK while in theory the CA cert can be the same as the server cert, in practice the CA certificate cannot be identical as the the server certificate itself, because OpenSSL forbids that (the subject of the CA cert must not be equal to the server certificate subject, which is impossible to satisfy when they are the same file) and this is probably for a good reason. Btw, feel free to refer some of the examples here: https://github.com/jtattermusch/grpc-authentication-kubernetes-examples On Friday, June 7, 2019 at 8:44:52 AM UTC+2, Sam wrote: > > So is there a way of bypassing the use of the CA in gRPC ? I know it seems > weird I want to do this, but I don't need the authentification part (the > whole point of using the CA right ?) I just need the connection to be > encrypted. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/f32389c7-4093-4dda-9afc-795c06c070fe%40googlegroups.com.
