How to get mutual TLS working with gRPC

I have a gRPC service that I can run with:

  • no authentication
  • server side only authentication
  • mutual authentication

Using x509 openSSL certificates I generated using openssl.

I have verified correct operation of the server by using grpc_cli for all 3 modes.

Now I’m trying to use Postman because it has a nicer GUI, and it supports streaming RPCs in addition to the unary ones to which grpc_cli is restricted.

But I’m finding it a challenge to configure Postman to work with mTLS. The documentation is very clear and I’ve followed the steps, but my server responds with:

E1106 18:51:49.979164000 6136066048]    Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.

Whenever I invoke a gRPC call that works just fine when the server is running with just server-side authentication. Conclusion: postman isn’t presenting a cert with the gRPC invocation.

Maybe postman doesn’t yet support mTLS with gRPC? All the examples in the documentation are for HTTPS.

My postman certificate settings are (gRPC settings tab):

  • enable server certificate verification = true
  • overwrite server name for certificate verification = the Subject in the server cert, the server’s actually running at localhost:nnnn

and ('postman` general settings):

  • CA certificates - I uploaded my ca.crt file which is used to sign both the client & server certs here.
  • Host - set to a wildcard that matches both the client and server Subject fields in the certs used.
  • CRT file = /path/to/client.crt
  • KEY file = /path/to/client.key

Last piece of info - I get nothing in the postman console when invoking the gRPC. It’s completely blank.

Thanks in advance for your help,