Comments (9)
mrdulin
commented on July 26, 2024
6
@jhump Thanks for reply. I tried -insecure flags, but still got same error.
☁ grpc-go-cnode [master] grpcurl localhost:3000 list -insecure
Failed to dial target host "localhost:3000": x509: certificate signed by unknown authorityserver logs:
2020/08/28 12:38:50 http: TLS handshake error from [::1]:57784: remote error: tls: bad certificateSo, I want to try -cacert flag. How should I use this flag? Which certificate should be used?
UPDATE:
-insecure flag works fine. Pay attention to the order of the parts of the command
grpcurl [flags] [address] [list|describe] [symbol]☁ grpc-go-cnode [master] grpcurl -insecure localhost:3000 list
grpc.health.v1.Health
grpc.reflection.v1alpha.ServerReflection
topic.TopicService
user.UserService-cacert flag works fine too. Example:
☁ grpc-go-cnode [master] grpcurl -cacert=./assets/server.crt localhost:3000 list
grpc.health.v1.Health
grpc.reflection.v1alpha.ServerReflection
topic.TopicService
user.UserServicefrom grpcurl.
jhump
commented on July 26, 2024
1
@gugahoi, correct. If you want to verify the self-signed cert (vs. just trusting any server cert), you would add it to your set of trusted root certs with the -cacert option.
from grpcurl.
brandonros
commented on July 26, 2024
-insecure
from grpcurl.
gugahoi
commented on July 26, 2024
This is actually ignoring the handshake instead of accepting certificates. I assume the cacert option the the correct way about this but unsure?
from grpcurl.
mrdulin
commented on July 26, 2024
same issue for self-signed certificates generated by below shell script:
#!/bin/sh
echo "generating credentials and private key for server and client..."
openssl genrsa -out ./assets/server.key 2048
openssl req -new -x509 -days 3650 \
-subj "/C=GB/L=China/O=grpo-server/CN=localhost" \
-key ./assets/server.key -out ./assets/server.crt
openssl genrsa -out ./assets/client.key 2048
openssl req -new -x509 -days 3650 \
-subj "/C=GB/L=China/O=grpo-client/CN=localhost" \
-key ./assets/client.key -out ./assets/client.crtfrom grpcurl.
jhump
commented on July 26, 2024
@mrdulin, did you read the above comments and why the issue is closed? This is expected behavior. You have to configure grpcurl to either not check the cert (-insecure) or to trust it (-cacert).
from grpcurl.
sharooksubana
commented on July 26, 2024
I am also facing same issue -insecure works fine but I wanted to verify the self-signed cert can anyone give the good example how to use the -cacert flag and from where should I get the certificate
from grpcurl.
sharooksubana
commented on July 26, 2024
hi, Can anyone tell me how to use -cacert and which certificate to submit its been 2 months since I have stuck with it
from grpcurl.
cavator
commented on July 26, 2024
i grpcurl -cacert=ca.pem -d='{"id":""}' user-service:443 GetUser
still getting
x509: certificate signed by unknown authority
any help?
from grpcurl.
Related Issues (20)
- Whether I can get the structure of the request parameters and response parameters of the grpc interface, this is very useful to me HOT 5
- Bump google.golang.org/grpc for CVE issue HOT 1
- With an UnaryResponse, OnReceiveResponse is never called HOT 1
- Fails to display response headers in case of "unexpected HTTP status code"
- Security Vulnerability: Update grpc version to at least 1.58.3 HOT 8
- Fail to inspect custom `gRPC` server HOT 2
- BUG - Failed to list methods for service "tamama.grpc.Tamama": Symbol not found: tamama.grpc.Tamama HOT 4
- `remote reset` error with 1.8.8 and higher HOT 1
- Wrong error message if a server requires client certificates
- Unix Domain Socket connection should use `localhost` authority header convention by default HOT 2
- Add the OpenSSF Scorecard Github Action HOT 1
- Attempts to install fail because of "missing do in first path element" HOT 2
- Cannot list methods of a service and make requests HOT 1
- Publish releases to winget HOT 1
- Possible to support other codec? HOT 1
- Server reflection fails when using well-known types (Timestamp) HOT 3
- Google Cloud Run producing `context deadline exceeded`
- protoset-out does not get namespace when using reflection HOT 5
- Create Process Failed to Run Issue HOT 1
- Include more output while connecting and reflecting with verbose mode
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from grpcurl.