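To make a gRPC microservice more secure, use TLS certificates.
I. Generating the certificate with openssl
1. Install openssl
2. Generate the certificate
openssl genrsa -out server.key 2048   # generate the 2048-bit RSA private key
openssl req -new -x509 -sha256 -key server.key -out server.pem -days 36500   # generate a self-signed certificate (server.pem)
openssl req -new -x509 -key server.key -out server.crt -days 36500   # generate the self-signed certificate (server.crt) loaded by the code below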
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Enter the information requested for the certificate (press Enter to skip a field):
-----
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:go deveper
Organizational Unit Name (eg, section) []:international
Common Name (eg, fully qualified host name) []:go-grpc
Email Address []:********@qq.com
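3. Server-side code changes
// Load the server certificate and its private key.
creds, errs := credentials.NewServerTLSFromFile("cert/server.crt", "cert/server_no.key")
if errs != nil {
	log.Fatalf("failed to use tls: %v", errs)
}
// Every connection to this server now has to complete a TLS handshake.
s := grpc.NewServer(grpc.Creds(creds))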
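4. Client-side code changes
// Trust the server's self-signed certificate and expect the server name
// "go-grpc", the Common Name entered when the certificate was generated.
creds, errs := credentials.NewClientTLSFromFile("../cert/server.crt", "go-grpc")
if errs != nil {
	log.Fatalf("NewClientTLSFromFile: %v", errs)
}
log.Println("可开始请求------1") // "ready to send requests"
conn, err := grpc.Dial(address, grpc.WithTimeout(3*time.Second), grpc.WithTransportCredentials(creds))
if err != nil {
	log.Fatalf("did not connect: %v", err)
}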
5. Fixing the error that appears at run time
The error:
2020/12/08 16:41:22 could not greet: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0"
Process exiting with code: 1 signal: false
Solution: enable Common Name matching temporarily, as the error message suggests:
GODEBUG=x509ignoreCN=0 go run client.go