grpc_ssl_certificate
The `grpc_ssl_certificate` directive specifies the SSL certificate file for securing gRPC traffic.
Description
The grpc_ssl_certificate directive in NGINX is used to indicate the path to the SSL certificate file that will be used for encrypting gRPC communications over HTTPS. This directive is essential in ensuring that data transmitted over gRPC connections is secure, providing encryption for sensitive data being sent across the network. When this directive is set, NGINX will utilize the specified SSL certificate whenever it handles incoming gRPC requests.
This directive can be placed in http, server, or location contexts, allowing for flexibility in configuring SSL at various levels of granularity within the server architecture. The configuration expects a single argument, which should be a valid file path to a PEM-encoded certificate. If the specified file cannot be read or is not a valid certificate, NGINX will fail to start, thus enforcing strict measures to ensure secure communications. Additionally, the use of the directive should be accompanied by appropriate SSL settings, such as grpc_ssl_certificate_key, to correctly establish and secure the SSL handshake during sessions.
Config Example
server {
listen 443 ssl;
grpc_ssl_certificate /etc/ssl/certs/my_cert.crt;
grpc_ssl_certificate_key /etc/ssl/private/my_key.key;
location /grpc {
grpc_pass grpc://backend_service;
}
}Ensure the certificate file path is correct, otherwise NGINX will fail to start or reload.
The cert should be in PEM format, as non-PEM formatted certificates will cause errors.
Always pair this directive with grpc_ssl_certificate_key to establish a valid SSL configuration.