0

I am using .NET 6 to try to make to work the default gRPC service that is created when I create a new gRPC project for ASP.

To test if I can connect to the service, I use grpcui.

I can connect when I don't use certificates, connecting to the http address, but when I try to use a certificate, using the https address, I get the error:

Cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs.

I guess that is because I don't create the server certificate in the correct way, because I have to set the IP in the field SAN, but I don't know how.

What I did it is to set as CN the IP of the server, but it seems that this is not the correct place to set the IP.

So I would like to know what is SAN and how I could create the certificates with this field.

Thom A
  • 88,727
  • 11
  • 45
  • 75
Álvaro García
  • 18,114
  • 30
  • 102
  • 193
  • SAN = "subject alternative name" [this answer](https://stackoverflow.com/a/27931596/11810946) provides a heap of relevant info. If you need help creating the certificate you will need to let us know what tools you are using (`openssl` is common but I often use [certstrap](https://github.com/square/certstrap) just because its easy). A (generally unsafe for production!) alternative is to accept untrusted certs ([see the docs](https://learn.microsoft.com/en-us/aspnet/core/grpc/troubleshoot?view=aspnetcore-6.0#call-a-grpc-service-with-an-untrustedinvalid-certificate)). – Brits Aug 19 '22 at 00:09
  • I was using easy-rsa3, the version 3.0.8 and when I use the IP in the san it set "DNS:" insetad of "IP:". But updating to the version 3.1.0 it works. – Álvaro García Aug 19 '22 at 11:42

0 Answers0