当前位置:网站首页>go-grpc TSL authentication solution transport: authentication handshake failed: x509 certificate relies on ... ...
go-grpc TSL authentication solution transport: authentication handshake failed: x509 certificate relies on ... ...
2022-08-11 07:58:00 【why are you hungry again】
一、问题描述:transport: authentication handshake failed: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable
二、背景环境:我的环境windows go 1.17,linuxSolution to this problem also work.
三、首先需要 下载SSL
After you clicked on the link will see the above image shows the page,Download for the first time I saw a blog said literally click on a download,And then I didn't watch carefully,因为我的电脑是64位的,I just got aWin64的,Then the boy,Behind a total uninstall downloaded three times,不要下载forRAM的,Will not be allowed to install,(ARM64是ARM中64位体系结构,x64是x86系列中的64位体系.ARM属于精简指令集体系,汇编指令比较简单.x86Belong to the complex instruction set system,Assembly instruction more.Belong to two different system.看不懂没关系,As long as you know are two different system,That's not going to download, of course also use)不要下载Light的,Because you will find behind needopenssl.cnf文件.
1、According to your system directly to get the biggest one of the two.After the download is complete direct point openexe一直next安装好就可以了.
2、将openSSL的binThe path of the directory where the inpath环境变量中,然后重启电脑.
3、生成普通的keyopenssl genrsa -des3 -out server.key 2048
(记住设置的密码,Command directly on the terminal execution is good,我直接在golandThe terminal execution)
4、生成ca的crtopenssl req -new -x509 -key server.key -out ca.crt -days 3650
Met just fill things directly enter
5、生成csropenssl req -new -key server.key -out server.csr
6、更改openssl.cnf (Linux 是openssl.cfg)
1)A copy of your installationopenssl的bin目录里面的openssl.cnf File to the directory where you,我放在了keys文件夹下.
2)找到 [ CA_default ],打开 copy_extensions = copy (就是把前面的#去掉)
3)找到[ req ],打开 req_extensions = v3_req # The extensions to add to a certificate request
4)找到[ v3_req ],添加 subjectAltName = @alt_names
5)添加新的标签 [ alt_names ],和标签字段
DNS.1 = *.org.haha.com
DNS.2 = *.haha.com
7、生成证书私钥test.keyopenssl genpkey -algorithm RSA -out test.key
8、通过私钥test.key生成证书请求文件test.csr(注意cfg和cnf)
openssl req -new -nodes -key test.key -out test.csr -days 3650 -subj "/C=cn/OU=myorg/O=mycomp/CN=myname" -config ./openssl.cnf -extensions v3_req
test.csrIs the above generated the certificate request file.ca.crt/server.key是CA证书文件和key,用来对test.csr进行签名认证.The two files in the first part.
9、生成SAN证书
openssl x509 -req -days 365 -in test.csr -out test.pem -CA ca.crt -CAkey server.key -CAcreateserial -extfile ./openssl.cnf -extensions v3_req
10、Then, can be used in GO 1.15 以上版本的GRPC通信了
The server load code
creds, err := credentials.NewServerTLSFromFile("test.pem", "test.key")
The client loading code
creds,err := credentials.NewClientTLSFromFile("test.pem","*.org.haha.com")
这个问题怎么说呢,试了很多的方法,Finally use this method to solve the record here.
感谢 thankyou~
边栏推荐
- TF通过feature与label生成(特征,标签)集合,tf.data.Dataset.from_tensor_slices
- 1076 Wifi Password (15 points)
- One-hot in TF
- 记录一些遇见的bug——Lombok和Mapstruct的冲突导致,A component required a bean of type ‘com.XXX.controller.converter.
- 【Pytorch】nn.Linear,nn.Conv
- There may be fields that cannot be serialized in the abnormal object of cdc and sqlserver. Is there anyone who can understand it? Help me to answer
- Use tf.argmax in Tensorflow to return the index of the maximum value of the tensor along the specified dimension
- FPGA 20个例程篇:11.USB2.0接收并回复CRC16位校验
- 支持各种文件快速重命名最简单的小技巧
- Analysys and the Alliance of Small and Medium Banks jointly released the Hainan Digital Economy Index, so stay tuned!
猜你喜欢
随机推荐
excel 透视表 值显示内容 不显示计数
The growth path of a 40W test engineer with an annual salary, which stage are you in?
Tf中的平方,多次方,开方计算
go sqlx 包
oracle数据库中列转行,列会有变化
1081 检查密码 (15 分)
线程交替输出(你能想出几种方法)
redis operation
为什么会没有内存了呢
结合均线分析k线图的基本知识
1091 N-自守数 (15 分)
【Day_13 0509】▲跳石板
Activity的四种启动模式
1096 大美数 (15 分)
Active users of mobile banking grew rapidly in June, hitting a half-year high
1076 Wifi Password (15 points)
One-hot in TF
Pico neo3 Unity打包设置
leetcode: 69. Square root of x
1002 写出这个数 (20 分)