I have a gRPC service that I can run with:
- no authentication
- server side only authentication
- mutual authentication
Using x509 openSSL certificates I generated using openssl.
I have verified correct operation of the server by using grpc_cli for all 3 modes.
Now I'm trying to use Postman because it has a nicer GUI, and it supports streaming RPCs in addition to the unary ones to which grpc_cli is restricted.
But I'm finding it a challenge to configure Postman to work with mTLS. The documentation is very clear and I've followed the steps, but my server responds with:
E1106 18:51:49.979164000 6136066048 ssl_transport_security.cc:1420] Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.
Whenever I invoke a gRPC call that works just fine when the server is running with just server-side authentication. Conclusion: postman isn't presenting a cert with the gRPC invocation.
Maybe postman doesn't yet support mTLS with gRPC? All the examples in the documentation are for HTTPS.
My postman certificate settings are (gRPC settings tab):
- enable server certificate verification = true
- overwrite server name for certificate verification = the
Subjectin the server cert, the server's actually running at localhost:nnnn
and ('postman` general settings):
- CA certificates - I uploaded my
ca.crtfile which is used to sign both the client & server certs here. - Host - set to a wildcard that matches both the client and server
Subjectfields in the certs used. - CRT file =
/path/to/client.crt - KEY file =
/path/to/client.key
Last piece of info - I get nothing in the postman console when invoking the gRPC. It's completely blank.
Thanks in advance for your help,
VS