Getting an SSL/TLS certificate for GRPC services from AWS

Time:12-21

I wrote a GRPC service. This is my server code:

package main

import (
    "net"

    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
)

// Handler is the asker's own type (logger, dependencies); it is defined elsewhere in their code.

// GrpcServer builds the concrete service implementation from the shared Handler.
type GrpcServer[TServer any] func(*Handler) TServer

// GrpcRegistrar is the generated Register<Service>Server function for TServer.
type GrpcRegistrar[TServer any] func(grpc.ServiceRegistrar, TServer)

type GrpcService[TServer any] struct {
    handler         *Handler
    inner           GrpcServer[TServer]
    registrar       GrpcRegistrar[TServer]
    certificateFile string // PEM certificate (plus chain) served to clients
    certificateKey  string // PEM private key matching certificateFile
    addr            string
    clientAddr      string
    gatewayAddr     string
}

func (service *GrpcService[TServer]) runGRPC(lis net.Listener, opts ...grpc.ServerOption) (*grpc.Server, error) {
    // Both files must exist locally: the key is read from disk, not fetched from a remote store.
    creds, err := credentials.NewServerTLSFromFile(service.certificateFile, service.certificateKey)
    if err != nil {
        return nil, service.handler.Logger.Error(err, "Failed to setup TLS")
    }

    // TLS credentials go first so caller-supplied options cannot silently drop them.
    opts = append([]grpc.ServerOption{grpc.Creds(creds)}, opts...)
    server := grpc.NewServer(opts...)

    service.registrar(server, service.inner(service.handler))

    service.handler.Logger.Log("GRPC listening on %s", service.addr)
    // Serve blocks until the server is stopped; it returns nil after a graceful Stop/GracefulStop.
    if err := server.Serve(lis); err != nil {
        return nil, service.handler.Logger.Error(err, "GRPC server failed unrecoverably")
    }

    return server, nil
}

The issue I'm having is that this service expects a certificate file and certificate key. I understand I can create a public certificate using AWS credential manager and download it using the AWS CLI. However, this only gives me the certificate value; I need a key file in addition. Is there a way I can get a certificate from AWS for use as GRPC server credentials?

CodePudding user response:

If you are using AWS Certificate Manager you may notice using AWS CLI that among the available commands we don't have any method that gives us the private key:

aws acm help

So one idea of mine, if you need the private key for the certificate, might be to not let AWS generate it, but generate it locally on your machine and import it into AWS using AWS CLI again:

aws acm import-certificate --certificate fileb://Certificate.pem \
      --certificate-chain fileb://CertificateChain.pem \
      --private-key fileb://PrivateKey.pem  

More information on the official AWS Certificate Manager Documentation:

I hope this answer can help you.
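As an added example (not part of the answer above, and not AWS or grpc-go code), this is the "generate the key locally" step in Go's standard library: it produces the two PEM files that the asker's GrpcService reads as certificateFile/certificateKey and that aws acm import-certificate takes as --certificate and --private-key. The hostname is constructed, and the certificate is self-signed so the example runs offline; a publicly trusted certificate would be issued by a CA from a CSR made with the same locally held key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"time"
)

// generateServerPair returns a PEM certificate and a matching unencrypted PEM private key for
// dnsName. Self-signed so it runs offline; a CA-issued certificate would come from a CSR on the same key.
func generateServerPair(dnsName string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256: one of the key types ACM import accepts
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, nil, err }
	keyDER, err := x509.MarshalPKCS8PrivateKey(key) // PKCS#8 with no passphrase: ACM import rejects encrypted keys
	if err != nil { return nil, nil, err }
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

// pairIsUsable repeats the check credentials.NewServerTLSFromFile makes after reading the two files:
// the certificate and key must parse together as one tls.Certificate.
func pairIsUsable(certPEM, keyPEM []byte) bool {
	_, err := tls.X509KeyPair(certPEM, keyPEM)
	return err == nil
}

func main() {
	certPEM, keyPEM, err := generateServerPair("grpc.example.com") // constructed hostname
	if err != nil || !pairIsUsable(certPEM, keyPEM) {
		panic("no usable certificate/key pair")
	}
	// These two files feed service.certificateFile/certificateKey and `aws acm import-certificate`.
	_ = os.WriteFile("Certificate.pem", certPEM, 0o644)
	_ = os.WriteFile("PrivateKey.pem", keyPEM, 0o600) // the key stays owner-readable only
}
```

Keep PrivateKey.pem on the gRPC host; the import gives ACM a copy for AWS-managed endpoints, but the server still needs the local file.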
