下载配置openssl
在项目根目录下创建key文件夹并进入(cd key);该目录存放私钥,不要提交到版本库
1.生成私钥:
openssl genrsa -out server.key 2048
2.生成自签名证书(提示信息全部回车使用默认值;-days 36500 约为100年,仅适合本地测试):
openssl req -new -x509 -key server.key -out server.crt -days 36500
3.生成csr:
openssl req -new -key server.key -out server.csr
更改openssl.cnf(Linux下 openssl version -a 可以查看openssldir,找到cnf文件)
- 1.复制一份cnf到项目目录
- 2.找到[ CA_default ],取消注释 copy_extensions = copy(去掉#)
- 3.找到[ req ],取消注释 req_extensions = v3_req
- 4.找到[ v3_req ],添加subjectAltName=@alt_names
- 5.添加新的标签[ alt_names ],和标签字段
- DNS.1=*.kuangstudy.com
-
生成证书私钥test.key:
openssl genpkey -algorithm RSA -out test.key
-
#通过私钥test.key生成证书请求文件test.csr(注意配置文件后缀是cnf,不是cfg):
openssl req -new -nodes -key test.key -out test.csr -days 3650 -subj "/C=cn/OU=mysor/O=mycomp/CN=myname" -config ./openssl.cnf -extensions v3_req
-
#test.csr是上面生成的证书请求文件;CA证书文件和key即前面生成的server.crt/server.key,用来对test.csr进行签名认证
-
#生成SAN证书 pem:
openssl x509 -req -days 365 -in test.csr -out test.pem -CA server.crt -CAkey server.key -CAcreateserial -extfile ./openssl.cnf -extensions v3_req
package main
import (
"context"
"fmt"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"net"
pb "xxb-grpc-study/hello-server/proto"
)
// server is the handler type registered with the gRPC server for the
// SayHello service defined in the pb package.
type server struct {
	// Generated stub embedded by value; presumably supplies default
	// implementations for service methods this type does not define.
	pb.UnimplementedSayHelloServer
}
// SayHello answers a HelloRequest with a greeting built from the
// caller-supplied RequestName.
//
// The name comes from the client and is echoed back unmodified; it is not
// validated or length-limited here. The returned error is always nil.
func (s *server) SayHello(ctx context.Context, req *pb.HelloRequest) (*pb.HelloResponse, error) {
	// Trace line ("call succeeded"); written without a trailing newline.
	fmt.Print("diao yong cheng gong")

	reply := &pb.HelloResponse{}
	reply.ResponseMsg = "hello" + req.RequestName
	return reply, nil
}
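// main starts the SayHello gRPC server on TCP port 9090 with TLS enabled.
//
// The certificate (test.pem) and private key (test.key) are loaded from
// fixed paths. If they cannot be loaded the program stops instead of
// continuing: passing nil credentials to grpc.Creds would start the server
// without transport security, i.e. in plaintext.
func main() {
	const (
		certFile = "/home/tyler/workspace/go/xxb-grpc-study/key/test.pem"
		keyFile  = "/home/tyler/workspace/go/xxb-grpc-study/key/test.key"
	)

	// TLS authentication: server certificate (pem) and private key.
	creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)
	if err != nil {
		// Fail closed: never serve without TLS because of a bad path or key.
		fmt.Printf("failed to load TLS credentials: %v\n", err)
		return
	}

	// Open the listening port. An empty host binds every interface; use
	// "127.0.0.1:9090" if the service should only be reachable locally.
	listen, err := net.Listen("tcp", ":9090")
	if err != nil {
		fmt.Println("lian jie shi bai")
		return
	}
	fmt.Printf("connect successful")

	// Create the gRPC server with the TLS credentials attached.
	grpcServer := grpc.NewServer(grpc.Creds(creds))

	// Register this program's SayHello implementation on the gRPC server.
	pb.RegisterSayHelloServer(grpcServer, &server{})

	// Serve blocks until the listener fails or the server is stopped.
	if err := grpcServer.Serve(listen); err != nil {
		fmt.Printf("failed to server : %v", err)
		return
	}
}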
package main
import (
"context"
"fmt"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"log"
pb "xxb-grpc-study/hello-server/proto"
)
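// main connects to the SayHello server at 127.0.0.1:9090 over TLS, sends one
// request and prints the reply.
//
// test.pem is loaded as the trusted certificate. The second argument of
// NewClientTLSFromFile overrides the server name used when verifying the
// server certificate; the gRPC documentation describes that override as
// intended for testing. It is needed here because the dialed address
// (127.0.0.1) is not covered by the certificate's SAN (*.kuangstudy.com).
func main() {
	// Load the certificate; without it no verified TLS connection is possible.
	creds, err := credentials.NewClientTLSFromFile("/home/tyler/workspace/go/xxb-grpc-study/key/test.pem", "*.kuangstudy.com")
	if err != nil {
		log.Fatalf("failed to load TLS credentials: %v", err)
	}

	// Connect to the server with TLS transport credentials (encrypted, and
	// the server certificate is verified).
	conn, err := grpc.Dial("127.0.0.1:9090", grpc.WithTransportCredentials(creds))
	if err != nil {
		log.Fatalf("did not connect : %v", err)
	}
	defer conn.Close()
	// grpc.Dial does not wait for the connection by default, so this only
	// means the client connection object was created. TLS handshake and
	// certificate errors surface on the first RPC below.
	fmt.Println("connect server successfully")

	// Build the service client on top of the connection.
	client := pb.NewSayHelloClient(conn)

	// Perform the remote call. The error must be checked: a failed handshake
	// or rejected certificate is reported here, not by grpc.Dial.
	resp, err := client.SayHello(context.Background(), &pb.HelloRequest{RequestName: "kuangshen"})
	if err != nil {
		// Printf + return (rather than Fatalf) so the deferred Close runs.
		log.Printf("SayHello failed: %v", err)
		return
	}
	fmt.Println(resp.GetResponseMsg())
}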