c# - How do I connect a Grpc (NuGet >2.33) client (.NET Framework) to a Grpc.Asp.NetCore (NuGet >2.31) server (.NET 5.0) using HTTPS and my own certificates?
Problem description
Exception message:
Grpc.Core.RpcException: 'Status(StatusCode="Unavailable", Detail="failed to connect to all addresses", DebugException="Grpc.Core.Internal.CoreErrorDetailException: {"created":"@1606657072.668000000","description":"Failed to pick subchannel","file":"T:\src\github\grpc\workspace_csharp_ext_windows_x86\src\core\ext\filters\client_channel\client_channel.cc","file_line":4166,"referenced_errors":[{"created":"@1606657072.668000000","description":"failed to connect to all addresses","file":"T:\src\github\grpc\workspace_csharp_ext_windows_x86\src\core\ext\filters\client_channel\lb_policy\pick_first\pick_first.cc","file_line":398,"grpc_status":14}]}")'
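I have created an example on GitHub that you can easily adapt and use, and you can answer this question if you manage to solve the problem.
...
I found that the problem is in my own certificates; I have not been able to create working ones of my own, having tried many combinations.
I used this example to generate my certificates: How to enable server side SSL for gRPC?
And I tested it on this example: https://github.com/angelagyang/GRPCProtobufExample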
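Solution
The problem was in the certificate and its CN=. CN=%COMPUTERNAME% must be the server's DNS name or IP; in my case it had to be localhost, and the server needs to have the certificate with its key (pfx). The main problem is that it throws an exception with no relevant explanation.
Client: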
// This is your client's certificate and its key
var keyCertPair = new KeyCertificatePair(File.ReadAllText($"{rootDir}/samplecert.pem.txt"), File.ReadAllText($"{rootDir}/samplecert.key.txt"));
// GetRootCertificates() gets the CA certificate, not the client certificate nor the server certificate
var channelCreds = new SslCredentials(GetRootCertificates(), keyCertPair);
// You don't even need to provide the KeyCertificatePair; it works with just the CA root.
// Alternative to the line above (use one or the other, not both):
// var channelCreds = new SslCredentials(GetRootCertificates());
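Server:
// LoadSSLCertificate() gets the server certificate (the .pfx, which includes the private key)
var sslCertificate = LoadSSLCertificate();
o.ListenAnyIP(5001, listenOptions =>
{
    listenOptions.UseHttps(sslCertificate, httpsOptions =>
    {
        httpsOptions.SslProtocols = SslProtocols.Tls12;
        // NoCertificate: the server does not request a client certificate,
        // so the validation callback below is not invoked in this configuration.
        httpsOptions.ClientCertificateMode = ClientCertificateMode.NoCertificate;
        httpsOptions.ClientCertificateValidation = (certificate, chain, errors) =>
        {
            // "return true" accepts any client certificate. If client certificates are
            // required, use the thumbprint check below instead.
            return true;
            //return certificate.Thumbprint.Equals(_clientThumbprint, StringComparison.OrdinalIgnoreCase);
        };
    });
});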
Certificate creation:
@echo off
REM set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg
echo Generate CA key:
openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
echo Generate CA certificate:
openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=MyRootCA"
echo Generate server key:
openssl genrsa -passout pass:1111 -des3 -out server.key 4096
echo Generate server signing request:
REM The server CN must be the DNS name or IP the client connects to (localhost in the case described above).
openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=%COMPUTERNAME%"
echo Self-sign server certificate:
openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
echo Remove passphrase from server key:
openssl rsa -passin pass:1111 -in server.key -out server.key
echo Generate client key:
openssl genrsa -passout pass:1111 -des3 -out client.key 4096
echo Generate client signing request:
openssl req -passin pass:1111 -new -key client.key -out client.csr -subj "/C=US/ST=CA/L=Cupertino/O=YourCompany/OU=YourApp/CN=%CLIENT-COMPUTERNAME%"
echo Self-sign client certificate:
REM Serial 02: two certificates issued by the same CA must not share a serial number.
openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
echo Remove passphrase from client key:
openssl rsa -passin pass:1111 -in client.key -out client.key
echo Create server.pfx file:
openssl pkcs12 -export -passout pass:1111 -out server.pfx -inkey server.key -in server.crt
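Because the gRPC exception gives no hint about which certificate condition failed, the checks named in the solution can be run before the channel is opened. The following is an added example, not code from the original answer or from the Grpc libraries; CertPreflight and Check are hypothetical names, and the file names and password are the ones used in the script above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

static class CertPreflight // hypothetical helper, not part of Grpc.Core or Kestrel
{
    // Returns human-readable problems; an empty list means every check passed.
    public static List<string> Check(string pfxPath, string pfxPassword, string caPath, string targetHost)
    {
        var problems = new List<string>();
        using (var server = new X509Certificate2(pfxPath, pfxPassword))
        using (var ca = new X509Certificate2(caPath))
        using (var chain = new X509Chain())
        {
            // The server must hold the private key, which is why it loads a .pfx.
            if (!server.HasPrivateKey)
                problems.Add("server certificate has no private key (export the .pfx with -inkey)");

            // The subject CN must equal the host name the client uses as its channel target.
            string cn = server.GetNameInfo(X509NameType.SimpleName, false);
            if (!string.Equals(cn, targetHost, StringComparison.OrdinalIgnoreCase))
                problems.Add($"certificate CN '{cn}' does not match channel host '{targetHost}'");

            DateTime now = DateTime.Now; // NotBefore/NotAfter are returned in local time
            if (now < server.NotBefore || now > server.NotAfter)
                problems.Add($"certificate is only valid from {server.NotBefore} to {server.NotAfter}");

            // Offer the private CA as a candidate issuer, then pin the chain root ourselves.
            chain.ChainPolicy.ExtraStore.Add(ca);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            bool built = chain.Build(server);
            int count = chain.ChainElements.Count;
            string root = count > 0 ? chain.ChainElements[count - 1].Certificate.Thumbprint : null;
            if (!built || root != ca.Thumbprint)
                problems.Add("server certificate does not chain to the CA the client passes to SslCredentials");
        }
        return problems;
    }

    static void Main()
    {
        // File names follow the script above; "localhost" is the host from the solution text.
        foreach (var p in Check("server.pfx", "1111", "ca.crt", "localhost"))
            Console.WriteLine("PROBLEM: " + p);
    }
}
```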