Issue with gRPC Client in Quarkus: Accepting Certificates from Load Balancer

[Venki028]

I am running a gRPC service on ECS Fargate and have configured a load balancer with HTTPS and a gRPC target group. When I test the service using Postman with TLS enabled, it works fine, even without explicitly providing a key. However, when TLS is disabled, I encounter issues. Moreover, when I try to connect using my client application, I get the following error: GrpcException: INTERNAL: http2 exception.

How can I configure my Quarkus gRPC client to accept the default certificates provided by the load balancer or the server, similar to how Postman handles it? I want to ensure my client trusts these certificates, including self-signed certificates or those issued by a known Certificate Authority (CA)

[quarkus-bot[bot]]

/cc @alesj (grpc), @cescoffier (grpc)

[cescoffier]

Did you try with trust-all?

[Venki028]

@cescoffier yes i have tried quarkus.grpc.clients.email-service.tls.trust-all=true i got .GrpcException: INTERNAL: http2 exception

[Venki028]

i am supposed to make any changes in the GRPC server

[Venki028]

@cescoffier The problem is i haven't secured the grpc application; only the alb was secured, aws forces to use https in Load balancer for using grpc protocal version in target group

[Venki028]

Even if certificates are attached to the AWS Load balance, force the GRPC client to enable TLS ? because i haven't attached any tls related properties in GRPC Service

[cescoffier]

It depends on how the load balancer is configured. If TLS is a pass-through, then, yes, you need TLS on the gRPC server. If the load balancer forwards the request as a "plain request," the gRPC service must have plain-text enabled. However, I'm not sure the load balancer can do that for gRPC.

I would try using a plain HTTP/2 endpoint to see how it works.