How to get mutual TLS working with gRPC

I have a gRPC service that I can run with:

  • no authentication
  • server side only authentication
  • mutual authentication

Using x509 OpenSSL certificates I generated using openssl.

I have verified correct operation of the server by using grpc_cli for all 3 modes.

Now I’m trying to use Postman because it has a nicer GUI, and it supports streaming RPCs in addition to the unary ones to which grpc_cli is restricted.

But I’m finding it a challenge to configure Postman to work with mTLS. The documentation is very clear and I’ve followed the steps, but my server responds with:

E1106 18:51:49.979164000 6136066048 ssl_transport_security.cc:1420]    Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.

whenever I invoke a gRPC call that works just fine when the server is running with just server-side authentication. Conclusion: Postman isn’t presenting a cert with the gRPC invocation.

Maybe Postman doesn’t yet support mTLS with gRPC? All the examples in the documentation are for HTTPS.

My Postman certificate settings are (gRPC settings tab):

  • enable server certificate verification = true
  • overwrite server name for certificate verification = the Subject in the server cert; the server’s actually running at localhost:nnnn

and (`postman` general settings):

  • CA certificates - I uploaded my ca.crt file which is used to sign both the client & server certs here.
  • Host - set to a wildcard that matches both the client and server Subject fields in the certs used.
  • CRT file = /path/to/client.crt
  • KEY file = /path/to/client.key

Last piece of info - I get nothing in the Postman console when invoking the gRPC. It’s completely blank.

Thanks in advance for your help,
