signed certs have empty AKI? #1403

@ShinyZero0

I run the following sequence of commands to generate a self-signed root CA and sign a server cert with it:

cfssl genkey -initca csr.json | cfssljson -bare root
cfssl genkey csr.json | cfssljson -bare server
cfssl sign -ca root.pem -ca-key root-key.pem server.csr | cfssljson -bare server

csr.json contents:

{
  "hosts": ["localhost", "127.0.0.1"],
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "CN": "localhost",
  "names": []
}

I see no errors in the process.

Then I run

cfssl certinfo -cert server.pem

and see the following line:

"authority_key_id": ""

I have an app with gRPC using TLS that fails (most likely because of the issue) with the following error:

transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority

My cfssl

cfssl version

outputs

Version: 1.6.5
Runtime: go1.23.0

I see in the README that AKI is not set for self-signed certs, which is perfectly reasonable, but server here is not self-signed.
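
An added example, not part of the issue and not cfssl code: both certificates above come from the same csr.json, so issuer and subject names are identical, and Go's `crypto/x509` `CreateCertificate` copies the parent's SKI into the AKI only when those two names differ. That cfssl 1.6.5 signs through this function without setting an AKI of its own is an assumption; the CN `server.localhost` and the SKI bytes are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl for pub with signer (the parent's key) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// leafAKI signs a leaf named leafCN under a throwaway root named "localhost".
func leafAKI(leafCN string) (rootSKI, aki []byte) {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		SubjectKeyId: []byte{0xca, 0xfe}, // constructed SKI, not a real key hash
	}
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	leaf := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: leafCN},
		DNSNames: []string{"localhost"}, KeyUsage: x509.KeyUsageDigitalSignature,
	}, root, &leafKey.PublicKey, rootKey)
	return root.SubjectKeyId, leaf.AuthorityKeyId
}

func main() {
	for _, cn := range []string{"localhost", "server.localhost"} {
		ski, aki := leafAKI(cn)
		fmt.Printf("leaf CN=%-16s root SKI=%x leaf AKI=%x\n", cn, ski, aki)
	}
}
```

The leaf whose subject matches the root's comes out with an empty AKI; the leaf with a distinct subject carries the root's SKI.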
