grpc_ssl_trusted_certificate
The grpc_ssl_trusted_certificate directive specifies a trusted certificate file for verifying the remote peer's certificate in gRPC over SSL/TLS connections.
Description
The grpc_ssl_trusted_certificate directive is used within NGINX to designate a file containing a trusted root certificate for use when establishing secure gRPC connections. This is particularly important when the gRPC services run over TLS: NGINX is the client on these connections, and the file lets it validate the authenticity of the server's SSL certificate. The file typically contains the public key certificates of the Certificate Authorities (CAs) that are trusted to sign the server certificates, enabling NGINX to check the chain of trust when establishing a secure connection.
When configuring this directive, provide the path to the certificate file as its argument. The file should be in PEM format and contain the complete certificate chain necessary for verification. NGINX must also have permission to read the file. If the directive is defined in the server or location context, it applies to all gRPC connections handled by that block, ensuring consistent SSL/TLS validation for all gRPC traffic passing through it.
Config Example
    server {
        listen 443 ssl;
        grpc_ssl_trusted_certificate /etc/nginx/certs/ca.crt;
        # Additional configuration...
    }

Ensure the path specified is correct and that NGINX has read permissions to the certificate file.
The certificate file should be in PEM format; other formats will not be processed correctly.
If using self-signed certificates, ensure they are included in the trusted certificate file.
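An added example, not part of the original page: the trusted file is only consulted when grpc_ssl_verify is on, and that directive defaults to off, so the first location below loads the CA bundle without checking anything while the second enforces the check. The upstream name, ports, service paths and file paths are placeholders chosen for illustration.

```nginx
# Constructed example: hostnames, ports, service paths and file paths are placeholders.
# Place inside the http {} context.

upstream grpc_backend {
    server backend.internal.example:50051;
}

server {
    listen 8443 ssl;
    http2 on;   # nginx 1.25.1+; older releases use "listen 8443 ssl http2;"
    ssl_certificate     /etc/nginx/certs/frontend.crt;
    ssl_certificate_key /etc/nginx/certs/frontend.key;

    # Weak: the CA bundle is configured but never used, because
    # grpc_ssl_verify defaults to off. Any upstream certificate is accepted.
    location /weak.Service/ {
        grpc_pass grpcs://grpc_backend;
        grpc_ssl_trusted_certificate /etc/nginx/certs/ca.crt;
    }

    # Corrected: verification is enabled and bound to the expected name.
    location /checked.Service/ {
        grpc_pass grpcs://grpc_backend;

        grpc_ssl_trusted_certificate /etc/nginx/certs/ca.crt;
        grpc_ssl_verify       on;  # reject upstreams whose chain does not end in ca.crt
        grpc_ssl_verify_depth 2;   # default is 1; raise it when an intermediate CA is in the chain
        # grpc_pass names an upstream group, so without this the name checked
        # against the certificate would be "grpc_backend".
        grpc_ssl_name         backend.internal.example;
        grpc_ssl_server_name  on;  # send the same name to the upstream via SNI
    }
}
```

Run `nginx -t` after editing; a missing or unreadable CA file is reported at configuration test time, while a failed upstream verification appears in the error log when a request is proxied.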