I have a gRPC
service that I can run with:
- no authentication
- server side only authentication
- mutual authentication
Using x509 openSSL certificates I generated using openssl
.
I have verified correct operation of the server by using grpc_cli
for all 3 modes.
Now I'm trying to use Postman
because it has a nicer GUI, and it supports streaming RPCs in addition to the unary ones to which grpc_cli
is restricted.
But I'm finding it a challenge to configure Postman
to work with mTLS
. The documentation is very clear and I've followed the steps, but my server responds with:
E1106 18:51:49.979164000 6136066048 ssl_transport_security.cc:1420] Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.
Whenever I invoke a gRPC
call that works just fine when the server is running with just server-side authentication. Conclusion: postman
isn't presenting a cert with the gRPC
invocation.
Maybe postman
doesn't yet support mTLS
with gRPC
? All the examples in the documentation are for HTTPS
.
My postman
certificate settings are (gRPC
settings tab):
- enable server certificate verification = true
- overwrite server name for certificate verification = the
Subject
in the server cert, the server's actually running at localhost:nnnn
and ('postman` general settings):
- CA certificates - I uploaded my
ca.crt
file which is used to sign both the client & server certs here. - Host - set to a wildcard that matches both the client and server
Subject
fields in the certs used. - CRT file =
/path/to/client.crt
- KEY file =
/path/to/client.key
Last piece of info - I get nothing in the postman
console when invoking the gRPC
. It's completely blank.
Thanks in advance for your help,
VS