{"id":19746583,"url":"https://github.com/xevilmaxx/grpc_ssl","last_synced_at":"2026-05-12T11:44:06.950Z","repository":{"id":144156018,"uuid":"353965533","full_name":"xevilmaxx/GRPC_SSL","owner":"xevilmaxx","description":"Finnally a bit comprehensive locally protected channels by self signed SSL","archived":false,"fork":false,"pushed_at":"2021-04-02T09:18:04.000Z","size":170,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-28T07:57:03.026Z","etag":null,"topics":["csharp","grpc","local","protection","ssl"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xevilmaxx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-02T09:06:40.000Z","updated_at":"2021-05-13T14:42:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"bd227a22-34cc-4bd5-aeb3-3a5f1d2aee60","html_url":"https://github.com/xevilmaxx/GRPC_SSL","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/xevilmaxx/GRPC_SSL","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xevilmaxx%2FGRPC_SSL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xevilmaxx%2FGRPC_SSL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xevilmaxx%2FGRPC_SSL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xevilmaxx%2FGRPC_SSL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xevilmaxx","download_url":"https://codeload.github.com/xevilmaxx/GRPC_SSL/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xevilmaxx%2FGRPC_SSL/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32938001,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-12T09:19:52.626Z","status":"ssl_error","status_checked_at":"2026-05-12T09:17:33.438Z","response_time":102,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csharp","grpc","local","protection","ssl"],"created_at":"2024-11-12T02:14:55.162Z","updated_at":"2026-05-12T11:44:06.938Z","avatar_url":"https://github.com/xevilmaxx.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GRPC SSL\r\n\r\n## Generic Tutorial about OpenSSL:\r\n\r\nhttps://blog.devolutions.net/2020/07/tutorial-how-to-generate-secure-self-signed-server-and-client-certificates-with-openssl\r\n\r\n## 1) Install Chocolatey in Windows 10: (on Administrative Powershell)\r\n\r\nhttps://theknowledgehound.home.blog/2020/03/05/how-to-install-chocolatey-on-windows-10/\r\n\r\n```powershell\r\nSet-ExecutionPolicy Bypass -Scope Process -Force; `\r\n  iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))\r\n```\r\n\r\n## 2) Install OpenSSL\r\n\r\nhttps://adamtheautomator.com/openssl-windows-10/\r\n\r\n```powershell\r\nchoco install OpenSSL.Light\r\n```\r\n\r\nUsual installation directory: '**C:\\Program Files\\OpenSSL**\\'\r\n\r\n## 3) SSL certificate generation and C#\r\n\r\nhttps://stackoverflow.com/questions/37714558/how-to-enable-server-side-ssl-for-grpc\r\n\r\n```bash\r\n@echo off\r\nrem certificate Expiration: 3650 days -\u003e 10 years\r\n\r\nSET OPENSSL_CONF=C:\\Program Files\\OpenSSL\\bin\\openssl.cnf\r\nSET \"password=1111\"\r\nSET \"certValidityDays=365\"\r\nSET \"desLength=4096\"\r\n\r\nrem ---------------------\r\nrem Generate Basic Key\r\nrem ---------------------\r\necho Generate CA key:\r\nopenssl genrsa -passout pass:%password% -des3 -out ca.key %desLength%\r\n\r\necho Generate CA certificate:\r\nopenssl req -passin pass:%password% -new -x509 -days %certValidityDays% -key ca.key -out ca.crt -subj  \"/C=IT/ST=MB/L=Monza/O=SwLink/OU=ParkO/CN=MyRootCA\"\r\n\r\n\r\nrem ---------------------\r\nrem Server Key Generation\r\nrem ---------------------\r\necho Generate server key:\r\nopenssl genrsa -passout pass:%password% -des3 -out server.key %desLength%\r\n\r\necho Generate server signing request:\r\nopenssl req -passin pass:%password% -new -key server.key -out server.csr -config config.conf\r\n\r\necho Self-sign server certificate:\r\nopenssl x509 -req -passin pass:%password% -days %certValidityDays% -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extensions ext -extfile config.conf\r\n\r\necho Remove passphrase from server key:\r\nopenssl rsa -passin pass:%password% -in server.key -out server.key\r\n\r\nrem ---------------------\r\nrem Client Key Generation\r\nrem ---------------------\r\necho Generate client key\r\nopenssl genrsa -passout pass:%password% -des3 -out client.key %desLength%\r\n\r\necho Generate client signing request:\r\nopenssl req -passin pass:%password% -new -key client.key -out client.csr -config config.conf\r\n\r\necho Self-sign client certificate:\r\nopenssl x509 -passin pass:%password% -req -days %certValidityDays% -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt -extensions ext -extfile config.conf\r\n\r\necho Remove passphrase from client key:\r\nopenssl rsa -passin pass:%password% -in client.key -out client.key\r\n\r\npause\r\n```\r\n\r\n\r\n\r\nAnother Sample:\r\n\r\nhttps://github.com/perhallgren/grpc/tree/TLSSupport/examples/csharp/helloworld-from-cli\r\n\r\n\r\n\r\n### Missing OpenSSL \"openssl.cnf\"?\r\n\r\nhttps://adamtheautomator.com/openssl-windows-10/\r\n\r\n1) Open Powershell with Administrative rights\r\n\r\n```powershell\r\n//Move to correct folder of your OpenSSL installation\r\ncd \"C:\\Program Files\\OpenSSL\\bin\"\r\n\r\n//Fetch cnf file from Web\r\nInvoke-WebRequest 'http://web.mit.edu/crypto/openssl.cnf' -OutFile .\\openssl.cnf\r\n```\r\n\r\n2) Now you might attempt to re-run SSL generation script\r\n\r\n**Might also need this if there are still errors in generation:**\r\n\r\nhttps://stackoverflow.com/questions/63893662/cant-load-root-rnd-into-rng\r\n\r\n**Try** removing or **commenting** `RANDFILE = $ENV::HOME/.rnd` line in `/etc/ssl/openssl.cnf` | `C:\\Program Files\\OpenSSL\\bin\\openssl.cnf`\r\n\r\n**Also you might need to execute SSLGenerate.bat as Administrator**\r\n\r\n### Additional Config for SSL generation (config.conf)\r\n\r\nhttps://medium.com/@arkadybalaba/quick-run-to-secure-your-grpc-api-with-ssl-tls-fbd910ec8eee#758f\r\n\r\n```\r\n[req]\r\nprompt = no\r\nreq_extensions = ext\r\ndistinguished_name = req_distinguished_named\r\n\r\n[ ext ]\r\nsubjectAltName = IP:0.0.0.0, IP:127.0.0.1\r\n\r\n[ req_distinguished_named ]\r\nC=IT\r\nST=MB\r\nL=Monza\r\nO=SwLink\r\nOU=ParkO\r\nCN=localhost\r\n```\r\n\r\nThis config is Universal.\r\n\r\nIts ok for Client and Server, when you want connect through BloomRPC you will specify 127.0.0.1 as Host.\r\n\r\nOnce generated its enough just copy paste certificates across all microservices.\r\n\r\n![](./images/BloomRPC_SSL_configuration.JPG?raw=true)\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxevilmaxx%2Fgrpc_ssl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxevilmaxx%2Fgrpc_ssl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxevilmaxx%2Fgrpc_ssl/lists"}