[英]how to use ssl certificates with gRPC and ASP Net Core 3.0?
I am rtying to configure the service to use a SSL certificate.我正在尝试将服务配置为使用 SSL 证书。 I have read this post:
我读过这篇文章:
How to enable server side SSL for gRPC? 如何为 gRPC 启用服务器端 SSL?
I guess this is the main code:我想这是主要代码:
var cacert = File.ReadAllText(@"ca.crt");
var servercert = File.ReadAllText(@"server.crt");
var serverkey = File.ReadAllText(@"server.key");
var keypair = new KeyCertificatePair(servercert, serverkey);
var sslCredentials = new SslServerCredentials(new List<KeyCertificatePair>() { keypair }, cacert, false);
var server = new Server
{
Services = { GrpcTest.BindService(new GrpcTestImpl(writeToDisk)) },
Ports = { new ServerPort("0.0.0.0", 555, sslCredentials) }
};
server.Start();
The problem is that in my case, I don't start the service in this way, I am using kestrel, and the code is this:问题是,在我的情况下,我没有以这种方式启动服务,我使用的是 kestrel,代码是这样的:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel(options =>
{
System.Net.IPAddress miAddress = System.Net.IPAddress.Parse("x.x.x.x");
//options.Listen(miAddress, 5001, o => o.Protocols = HttpProtocols.Http2);
options.Listen(miAddress, 5001, l =>
{
l.Protocols = HttpProtocols.Http2;
l.UseHttps();
});
});
webBuilder.UseStartup<Startup>();
});
In this case, I don't have access to SslCredentials, so I can't create a new one.在这种情况下,我无权访问 SslCredentials,因此我无法创建一个新的。
How could I configure my ssl certificate using kestrel?如何使用 kestrel 配置我的 ssl 证书?
Thanks.谢谢。
The post you linked to is for Grpc.Core, the grpc-dotnet implementation is configured differently.您链接到的帖子适用于 Grpc.Core,grpc-dotnet 实现的配置不同。
This documentation and example should help: https://github.com/grpc/grpc-dotnet/blob/dd72d6a38ab2984fd224aa8ed53686dc0153b9da/testassets/InteropTestsWebsite/Program.cs#L55此文档和示例应该会有所帮助: https : //github.com/grpc/grpc-dotnet/blob/dd72d6a38ab2984fd224aa8ed53686dc0153b9da/testassets/InteropTestsWebsite/Program.cs#L55
https://docs.microsoft.com/en-us/aspnet/core/grpc/authn-and-authz?view=aspnetcore-3.1 https://docs.microsoft.com/en-us/aspnet/core/grpc/authn-and-authz?view=aspnetcore-3.1
(in another words, you can configure the certificates on the server side exactly the same way as you would for any other HTTP/2 server - there's nothing grpc specific in configuring the secure connections in ASP.NET Core). (换句话说,您可以像配置任何其他 HTTP/2 服务器一样在服务器端配置证书 - 在 ASP.NET Core 中配置安全连接时没有任何特定于 grpc 的内容)。
looks like you mistake authentication by certificates for SSL-data-encryption.看起来您错误地通过证书进行了 SSL 数据加密的身份验证。 In case you just want to encrypt the data channel, best to use Kestrel like:
如果您只想加密数据通道,最好使用 Kestrel,例如:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(builder =>
{
builder.ConfigureKestrel(options =>
{
options.Listen(IPAddress.Loopback, 5005, configure => { configure.UseHttps(); configure.Protocols = HttpProtocols.Http2; });
});
});
The call to UseHttps() uses the ASP.NET Core's trusted Development certificate.对 UseHttps() 的调用使用 ASP.NET Core 的可信开发证书。
If you want to provide one yourself, use ie (or the other overloads):如果您想自己提供一个,请使用 ie(或其他重载):
public static ListenOptions UseHttps(this ListenOptions listenOptions, X509Certificate2 serverCertificate)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.