Thanks for the detailed steps. I guess this is for server side TLS (correct me if I am wrong), what needs to be done for mutual TLS?
On Wednesday, November 16, 2016 at 11:30:32 PM UTC+5:30 Christian Svensson wrote: > > On Wed, Nov 16, 2016 at 6:33 PM, AK <[email protected]> wrote: > >> The client code has server address as 0.0.0.0:50051 not as >> localhost:50051, as mentioned in my previous reply. >> > > You need to mint the certificate for the same CN as you connect to. > > 1. Create a server private key. This is what the server needs to have, > it's super-secret. > 2. Create a server certificate with CN=localhost, self-signed. This is > what the server and the client needs to have, it's public. > 3. In the client, use the server certificate (*not* the key) as a "roots". > This will tell your client to trust servers using that certificate - but > only if the CN matches the address you connect to. > 4.In the client, connect to localhost. > > Done. > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/3381c7cd-7656-43e7-9bf0-2dd4e96b6257n%40googlegroups.com.
