{"id":18722384,"url":"https://github.com/nleiva/grpc-tls","last_synced_at":"2025-04-12T14:42:22.372Z","repository":{"id":57484261,"uuid":"194170018","full_name":"nleiva/grpc-tls","owner":"nleiva","description":"Testing repo to validate all gRPC TLS options","archived":false,"fork":false,"pushed_at":"2019-07-22T13:31:52.000Z","size":81,"stargazers_count":55,"open_issues_count":2,"forks_count":16,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T07:34:20.570Z","etag":null,"topics":["grpc","tls"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nleiva.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-27T22:17:30.000Z","updated_at":"2024-04-25T22:41:48.000Z","dependencies_parsed_at":"2022-08-26T14:20:19.176Z","dependency_job_id":null,"html_url":"https://github.com/nleiva/grpc-tls","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nleiva%2Fgrpc-tls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nleiva%2Fgrpc-tls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nleiva%2Fgrpc-tls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nleiva%2Fgrpc-tls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nleiva","download_url":"https://codeload.github.com/nleiva/grpc-tls/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248583178,"owners_c
ount":21128530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["grpc","tls"],"created_at":"2024-11-07T13:41:13.231Z","updated_at":"2025-04-12T14:42:22.347Z","avatar_url":"https://github.com/nleiva.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gRPC TLS testing\n\nBasic service to retrieve user names based on their `ID`. This is just for TLS testing purposes.\n\n## Run\n\n- Server\n\n    ```bash\n    make run-server\n    ```\n\n- Client\n\nYou need to provide an `ID` which is the id of the user we want to retrieve from the Server, for example `export ID=1`.\n\n1. Connect using the cert the Server provides during the TLS Handshake without verifying it.\n\n    ```bash\n    make run-client\n    ```\n\n2. Connect using the cert the Server provides during the TLS Handshake and verify it.\n\n    ```bash\n    make run-client-noca\n    ```\n\n3. Connect using the cert the Server provides during the TLS Handshake and verify it with a CA cert file provided.\n\n    ```bash\n    make run-client-ca\n    ```\n\n4. Connect using a cert provided at runtime.\n\n    ```bash\n    make run-client-file\n    ```\n\n- Help\n\n    ```bash\n    make\n    ```\n\n## Generating TLS Certificates\n\nYou need these before running the examples. To create them run `make cert`. The certificates are valid for a year (`-days 365`). The individual steps are listed below for your reference.\n\n- CA Signed certificates\n\n1. Create Root signing Key\n\n    ```bash\n    openssl genrsa -out ca.key 4096\n    ```\n\n2. 
Generate self-signed Root certificate\n\n    ```bash\n    openssl req -new -x509 -key ca.key -sha256 -subj \"/C=US/ST=NJ/O=CA, Inc.\" -days 365 -out ca.cert\n    ```\n\n3. Create a Key certificate for your service\n\n    ```bash\n    openssl genrsa -out service.key 4096\n    ```\n\n4. Create signing CSR\n\n    For local testing you can use `'/CN=localhost'`. For Online testing `CN` needs to be replaced with your gRPC Server, for example: `'/CN=grpc.nleiva.com'`. Include this in a config file ([certificate.conf](certificate.conf)).\n\n    ```bash\n    openssl req -new -key service.key -out service.csr -config certificate.conf\n    ```\n\n5. Generate a certificate for the service\n\n    ```bash\n    openssl x509 -req -in service.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out service.pem -days 365 -sha256 -extfile certificate.conf -extensions req_ext\n    ```\n\n6. Verify\n\n    ```bash\n    openssl x509 -in service.pem -text -noout\n    ```\n\n## Vault and Certify\n\nSee [vault-cert.md](vault-cert.md) for setup details.\n\n- Server\n\n    ```bash\n    make run-server-vault\n    ```\n\n- Client\n\n    ```bash\n    export CAFILE=\"ca-vault.cert\"\n    make run-client-ca\n    ```\n\nYou need to provide an `ID` which is the id of the user we want to retrieve from the Server, for example `export ID=1`. Also, the name of the Vault's CA certificate file as `CAFILE`.\n\n## Running in Docker Containers\n\nBuild Docker images with `make docker-build`. You need to provide `HOST` and `PORT` as environment variables.\n\n```bash\nexport HOST=grpc.nleiva.com\nexport PORT=443\n```\n\n- Run the Docker Client image. 
Provide any `ID`.\n\n    ```bash\n    export ID=1\n    make run-docker-client\n    ```\n\n- Run the Docker Server image\n\n    ```bash\n    make run-docker-server\n    ```\n\n## Compiling protocol buffers\n\nRun `make proto`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnleiva%2Fgrpc-tls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnleiva%2Fgrpc-tls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnleiva%2Fgrpc-tls/lists"}