Update channel-credentials.md #24051
Conversation
Adding workaround for PEM loaded client certificates on Windows.
|
@stebet Hi! Thank you for the submission. Did you test this code? I spotted a code error in your submission. After reading the thread I'm not sure this workaround applies. The thread states that when the certificate is imported with in-memory key, it fails. Is the code prior to your submission doing that? It looks like it's using files passed on program args. |
adegeo
added
the
needs-more-info
That's why I mentioned specifically in the note that if you are loading the client cert via PEM strings instead of files (PFX + password), you'll need to apply this workaround. The example above the note shows only one of several ways to load a client certificate and having hit the issue myself after having followed this method (despite loading the cert differently which is just one line in the code) and scratching my head for several hours trying to figure out why this didn't work, I felt a note here might be helpful. Maybe adding another example that shows the PEM way + workaround as an alternative instead of the note would be clearer? This is in my opinion pretty important info for anyone using client certificate authentication with ephemeral keys in gRPC to be aware of. |
docs/architecture/grpc-for-wcf-developers/channel-credentials.md
Outdated
Show resolved
Hide resolved
|
@stebet sorry for the delay. I'm just curious if the note intro should be modified to explain exactly why this code would be needed. It sounds like it's always needed. (I'm not super familiar with cert management though) The intro doesn't specify it's in-memory keys such as a string etc.. |
No need to be sorry :) Changing the intro a bit makes sense. I'll reword and make a few changes to explain it better and why it's needed. |
|
Got delayed a bit with other tasks. I'll take a look at this after the weekend. |
Making it clear when the workaround should be applied.
|
@adegeo I added another example section that hopefully clarifies the example and note a bit better. |
Fixing after code review. Co-authored-by: Andy (Steve) De George <67293991+adegeo@users.noreply.github.com>
docs/architecture/grpc-for-wcf-developers/channel-credentials.md
Outdated
Show resolved
Hide resolved
docs/architecture/grpc-for-wcf-developers/channel-credentials.md
Outdated
Show resolved
Hide resolved
docs/architecture/grpc-for-wcf-developers/channel-credentials.md
Outdated
Show resolved
Hide resolved
Co-authored-by: David Pine <david.pine@microsoft.com>
Co-authored-by: David Pine <david.pine@microsoft.com>
Co-authored-by: David Pine <david.pine@microsoft.com>
* Update channel-credentials.md Adding workaround for PEM loaded client certificates on Windows. * Fix markdown errors * Update channel-credentials.md Making it clear when the workaround should be applied. * Update docs/architecture/grpc-for-wcf-developers/channel-credentials.md Fixing after code review. Co-authored-by: Andy (Steve) De George <67293991+adegeo@users.noreply.github.com> * Update docs/architecture/grpc-for-wcf-developers/channel-credentials.md Co-authored-by: David Pine <david.pine@microsoft.com> * Update docs/architecture/grpc-for-wcf-developers/channel-credentials.md Co-authored-by: David Pine <david.pine@microsoft.com> * Update docs/architecture/grpc-for-wcf-developers/channel-credentials.md Co-authored-by: David Pine <david.pine@microsoft.com> * Intro paras; formatting. * Update channel-credentials.md Co-authored-by: Andy (Steve) De George <67293991+adegeo@users.noreply.github.com> Co-authored-by: David Pine <david.pine@microsoft.com>
Summary
Adding details for a workaround needed for PEM loaded client certificates on Windows.