GRPC - certificate error

 

2024/04/12 16:09:36 rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: cannot validate certificate for 0.0.0.0 because it doesn't contain any IP SANs"

 

This is because the certificates were created without a config file.

 

Recreated the certificates with the following config file:

zzh@ZZHPC:/zdata/Github/grpc-go/server$ cat server-ext.cnf
subjectAltName=DNS:*.microservices.dev,DNS:*.microservices.dev,IP:0.0.0.0

 

The above error disappeared, but got new error:

2024/04/12 16:30:28 rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"*.ZhangZhihuiAAA.dev\")"

 

Changed the server-ext.cnf to below:

zzh@ZZHPC:/zdata/Github/grpc-go/server$ cat server-ext.cnf 
subjectAltName=DNS:*.ZhangZhihuiAAA.dev,DNS:*.ZhangZhihuiAAA.dev,IP:0.0.0.0

Recreated the certificates, but still got the same error.

 

Checked the client code, found that it used the "client/client.crt" file.

Updated the code and let it use "./ca.crt":

creds, err := credentials.NewClientTLSFromFile("./ca.crt", "0.0.0.0")

The error disappeared.