Help with setting up tonic gRPC + TLS with self signed certificates

This is not a rust question per se, but I'm asking here, because I'm writing it in rust. I hope it is not against the rules.

I am writing a client-server gRPC application with tonic that is going to communicate over the Internet so I need some kind of encryption, but I definitely do not want to go through the whole hassle of registering and maintaining a "globally trusted" TLS certificate. I prefer to have it self-signed and "pre-trusted" in the sense that binaries ship with what is needed in order to trust each other. Both the server and client are operated by "trusted" parties and if something gets compromised, regenerating the keys, recompiling binaries and redistributing them is a viable strategy.

Here are the questions that pop up and I am not sure how to address them (and I am not sure how to search the web for them)

  1. How to ergonomically generate all the keys/certificates in the first place (in the tonic examples they are already generated and in the repository)?
  2. How to avoid having to deal with domain names? All the examples that I find are web service centric and involve connecting to domains.
  3. Is all of this a very bad idea (or the wrong approach in practice) and why? What other options do I have?
1 Like

I don't have the answers for how to do this, but it would not be specific to tonic. If you find an example for any other hyper-based kind of server, then it should convert rather easily to tonic.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.