Basic service to retrive user names based on their ID. This is just for TLS testing purposes.

• Server

  make run-server

• Client

You need to provide an ID which is the id of the user we want to retrieve from the Server, for example export ID=1.

1. Connect using the cert the Server provides during the TLS Handshake without verifying it.

   make run-client

2. Connect using the cert the Server provides during the TLS Handshake and verify it.

   make run-client-noca

3. Connect using the cert the Server provides during the TLS Handshake and verify it with a CA cert file provided.

   make run-client-ca

4. Connect using a cert provided at runtime.

   make run-client-file

• Help

  make

You need these before running the examples. To create them run make cert. The certificates are valid for a year (-days 365). Below the step by step, for your reference.

• CA Signed certificates

1. Create Root signing Key

   openssl genrsa -out ca.key 4096

2. Generate self-signed Root certificate

   openssl req -new -x509 -key ca.key -sha256 -subj "/C=US/ST=NJ/O=CA, Inc." -days 365 -out ca.cert

3. Create a Key certificate for your service

   openssl genrsa -out service.key 4096

4. Create signing CSR

   For local testing you can use '/CN=localhost'. For Online testing CN needs to be replaced with your gRPC Server, for example: '/CN=grpc.nleiva.com'. Include this in a config file (certificate.conf).

   openssl req -new -key service.key -out service.csr -config certificate.conf

5. Generate a certificate for the service

   openssl x509 -req -in service.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out service.pem -days 365 -sha256 -extfile certificate.conf -extensions req_ext

6. Verify

   openssl x509 -in service.pem -text -noout

See vault-cert.md for setup details.

• Server

  make run-server-vault

• Client

  export CAFILE="ca-vault.cert"
  make run-client-ca

You need to provide an ID which is the id of the user we want to retrieve from the Server, for example export ID=1. Also, the name of the Vault's CA certificate file as CAFILE.

Build Docker images with make docker-build. You need to provide HOST and PORT as enviromental variables.

export HOST=grpc.nleiva.com
export PORT=443

• Run the Docker Client image. Provide any ID.

  export ID=1
  make run-docker-client

• Run the Docker Server image

  make run-docker-server

Run make proto.