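Pitfall 1
First I searched all over the place, and finally, following the 博客园 (cnblogs.com) blog post "Go gRPC进阶-TLS认证+自定义方法认证(七)" (Go gRPC Advanced: TLS Authentication + Custom Method Authentication, part 7) by 烟花易冷人憔悴, I managed to produce the pem and key, then happily went off to use them...
Pitfall 2
OK, I had just mashed Enter through all the prompts:
2023/04/13 00:46:48 查询库存出错rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match localhost"
This shows that this line cannot be filled in carelessly. Since I am running locally I entered localhost; normally you would enter the domain name.
Pitfall 3
After fixing that I entered everything again, and got another error:
2023/04/13 00:54:42 查询库存出错rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead"
The message in the error is: certificate relies on legacy Common Name field, use SANs instead. It means the certificate depends on the outdated Common Name field and should use the Subject Alternative Names field instead. This is because newer versions of the TLS standard no longer support using the Common Name field as the basis for hostname verification.
Solution
In the end I entered this in the terminal:
openssl req -new -nodes -x509 -out server.pem -keyout server.key -days 365 -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost"
The client call succeeded.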
Summary
- Generate an RSA private key:
  openssl genrsa -out server.key 2048
- Generate an ECC private key:
  openssl ecparam -genkey -name secp384r1 -out server.key
- Generate the pem and key (for calling gRPC locally):
  openssl req -new -nodes -x509 -out server.pem -keyout server.key -days 365 -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost"
- Copy the pem and key into the project, then call gRPC.