GRPC ssl with self-signed cert
By default, the certificate presented (in either direction) will be validated in several ways:
- Hostname must match the subject Common Name in the certificatepresented.
- the certificate must not be revoked, by using CRL orOCSP to validate
- the root CA certificate must be trusted, and nointermediaries can be revoked
It's likely that you are running into #3, since it's a self-signed certificate (the root is itself and not trusted) and you're already using localhost
to connect to it. You could either add this certificate to your trusted CA certificate store or you can programmatically create an insecure certificate validation for your SSL Context. For more details on the Kotlin (Java) side, you can consult the SO here: Disabling certificate check in gRPC TLS
As mentioned in Matt's answer, your CA certificate is not trusted by the device running your Flutter app since it's self-signed.
Now you have 2 options:
- Get a valid certificate from a certificate authority like Verisign, or
- Disable the certificate verification in your Flutter app itself
Here's how to implement option 2. You simply add a BadCertificateHandler
to the ChannelCredentials
instance like so:
final cert = await rootBundle.load('cert.pem') final certAsList = cert.buffer .asUint8List( cert.offsetInBytes, cert.lengthInBytes, ) .map((uint8) => uint8.toInt()) .toList() final channel = new ClientChannel( 'localhost', port: 8443, options: ChannelOptions( credentials: ChannelCredentials.secure( certificates: certAsList, onBadCertificate: (cert, host) => true, // <--- **** The missing part **** ), ), )
By having a handler that always returns true
, you're basically disabling the certificate verification completely. Now whether you really want to do that or not is up to you ;)