Grpc .Net client fails to connect to server with SSL

暖寄归人 2020-12-17 06:30

Unable to connect to the greeter grpc service mentioned in this link - https://docs.microsoft.com/en-us/aspnet/core/tutorials/grpc/grpc-start?view=aspnetcore-3.0 from a gre

2 Answers
  • 2020-12-17 07:02

    I got it working with SSL port by using the Server's certificate in pem format in the client.

    SslCredentials secureCredentials = new SslCredentials(File.ReadAllText("certificate.pem"));
    var channel = new Channel("localhost", 5001, secureCredentials);
    
    

    This means the ASP.NET Core template in VS 2019 uses a development certificate with the pfx file at %AppData%\ASP.NET\Https\ProjectName.pfx and password = the %AppData%\Microsoft\UserSecrets\{UserSecretsId}\secrets.json {:Kestrel:Certificates:Development:Password} value. You can get the UserSecretsId from ProjectName.csproj. This will be different for each ASP.NET Core project.

    I used the below command to convert the pfx password combination to pem:

    openssl pkcs12 -in "<DiskLocationOfPfx>\ProjectName.pfx" -out "TargetLocation\certificate.pem" -clcerts
    

    This will prompt for the pfx password. Use the password from the above secrets.json.

    Give some passphrase for the certificate.pem to be generated (at least 4 letters).

    Copy this certificate.pem for the gRPC .NET Framework client to access and use in:

    SslCredentials secureCredentials = new SslCredentials(File.ReadAllText("certificate.pem"));
    

    For Production Scenarios

    Use a valid certificate from a certificate signing authority and use the pfx in the ASP.NET Core server and the pem in the .NET Framework client.

    0 Comments (0)
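
An added example, not part of either answer or of gRPC's own code: the `openssl pkcs12 ... -clcerts` export in the answer above also writes the passphrase-encrypted private key into certificate.pem, while the client only needs the certificate. The hypothetical helper `CertificatesOnly` keeps the CERTIFICATE blocks of a PEM text and reports every other block, so the string handed to `SslCredentials` carries no key material; the sample PEM is constructed and its base64 is placeholder text.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

public static class PemFilter
{
    // Matches one PEM block and captures its label, e.g. CERTIFICATE or ENCRYPTED PRIVATE KEY.
    private static readonly Regex Block = new Regex(
        @"-----BEGIN (?<label>[A-Z0-9 ]+)-----.*?-----END \k<label>-----",
        RegexOptions.Singleline);

    // Hypothetical helper: returns only the CERTIFICATE blocks of a PEM text.
    // Labels of all other blocks (private keys etc.) are collected in 'dropped'.
    public static string CertificatesOnly(string pem, List<string> dropped)
    {
        var kept = new StringBuilder();
        foreach (Match m in Block.Matches(pem))
        {
            string label = m.Groups["label"].Value;
            if (label == "CERTIFICATE")
                kept.AppendLine(m.Value);
            else
                dropped.Add(label);
        }
        if (kept.Length == 0)
            throw new FormatException("No CERTIFICATE block found in PEM input.");
        return kept.ToString();
    }

    public static void Main()
    {
        // Constructed sample shaped like 'openssl pkcs12 -clcerts' output (placeholder base64).
        string pem =
            "Bag Attributes\n    friendlyName: constructed-sample\n" +
            "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n" +
            "-----BEGIN ENCRYPTED PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n-----END ENCRYPTED PRIVATE KEY-----\n";

        var dropped = new List<string>();
        string rootsForClient = CertificatesOnly(pem, dropped);

        foreach (string label in dropped)
            Console.WriteLine("Removed from client bundle: " + label);
        Console.WriteLine(rootsForClient);
        // In the gRPC client this string is what goes to: new SslCredentials(rootsForClient)
    }
}
```

Adding `-nokeys` to the `openssl pkcs12` export produces a certificate-only file in the first place, so the private key never leaves the server machine.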
  • 2020-12-17 07:17

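    I made a working client on the .NET Framework with a server on .NET Core on localhost:

    // Namespaces used by this snippet (Grpc.Core NuGet package on .NET Framework):
    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;
    using System.Threading.Tasks;
    using Grpc.Core;

    // The methods below are members of the client's Program class.
    static async Task Main(string[] args)
    {
        // Build the trusted-root PEM bundle from the Windows root store.
        string s = GetRootCertificates();
        var channel_creds = new SslCredentials(s);
        var channel = new Channel("localhost", 50051, channel_creds);
        var client = new Informer.InformerClient(channel);
        await GetPing(client);
    }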
    
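    // Exports every certificate in the Root store as one PEM bundle
    // (X509Store(StoreName) opens the CurrentUser location by default).
    public static string GetRootCertificates()
    {
        StringBuilder builder = new StringBuilder();
        X509Store store = new X509Store(StoreName.Root);
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 mCert in store.Certificates)
        {
            // The "# ..." lines sit outside the PEM blocks and only annotate each entry.
            builder.AppendLine(
                "# Issuer: " + mCert.Issuer.ToString() + "\n" +
                "# Subject: " + mCert.Subject.ToString() + "\n" +
                "# Label: " + mCert.FriendlyName.ToString() + "\n" +
                "# Serial: " + mCert.SerialNumber.ToString() + "\n" +
                "# SHA1 Fingerprint: " + mCert.GetCertHashString().ToString() + "\n" +
                ExportToPEM(mCert) + "\n");
        }
        // Release the store handle once the certificates have been copied.
        store.Close();
        return builder.ToString();
    }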
    
    /// <summary>
    /// Export a certificate to a PEM format string
    /// </summary>
    /// <param name="cert">The certificate to export</param>
    /// <returns>A PEM encoded string</returns>
    public static string ExportToPEM(X509Certificate cert)
    {
        StringBuilder builder = new StringBuilder();            
    
        builder.AppendLine("-----BEGIN CERTIFICATE-----");
        builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
        builder.AppendLine("-----END CERTIFICATE-----");
    
        return builder.ToString();
    }
    
    private static async Task GetPing(Informer.InformerClient client)
    {
        Console.WriteLine("Getting ping...");
        try
        {
            Metadata headers = null;
            var response = await client.GetServerPingAsync(new Empty(), headers);
            string result = "Nan";
            if (response.PingResponse_ == 1)
                result = "Ok!";
            Console.WriteLine($"Ping say: {result }");
        }
        catch (Exception ex)
        {
            Console.WriteLine("Error get server ping." + Environment.NewLine + ex.ToString());
        }
    }
    

    But I have not yet succeeded in making this work on remote machines (for example, where IP 192.168.1.7 is the server address and the client address is 192.168.1.2).

    0 Comments (0)