Kreya
Intermediaries in crt file not transmitted
Describe the bug
If a certificate crt file is used in Kreya and contains more than one PEM block, such as for including intermediaries, Kreya appears to only transmit the first PEM block resulting in TLS authentication failing.
To Reproduce
Have a root CA, have an intermediary CA. Issue a certificate from the intermediary CA and ensure the intermediary CA is included in the certificate, such that the certificate is viewed as trusted based on the root CA.
Add the certificate to Kreya and configure a gRPC server to do mTLS authentication with the root CA.
Observe that Kreya sends requests that do not include the intermediary CA, resulting in authentication failure.
Observe that if the certificate is used with other tools, such as grpcurl, the intermediary is included with the certificate, allowing the authentication to succeed.
Expected behavior
All PEM blocks in a selected certificate are transmitted for TLS authentication.
Screenshots
N/A
Environment (if possible, copy the information from the error dialog or the About menu):
- OS: macOS 12.3
- Kreya Version 1.7.0
Additional context
N/A
Thanks for your bug report, we'll look into this.
For my understanding: You have a .crt file which contains two certificates (certificate + intermediary) plus a .key file which contains the private key? Or do you have a single file which contains both the private key plus the two certificates?
.crt with the two certificates, plus a .key file.
Unfortunately, this is more complicated than we initially thought. A workaround would be to add the intermediate certificate to the OS certificate store (either on the client or on the server, both scenarios should work).
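The failure described in this report, and the server-side form of the workaround above, can be reproduced outside Kreya with openssl. This is an added example, not code from the thread or from Kreya: the throwaway PKI, the file names and the helper functions are constructed for illustration, and a CA file stands in for the server's certificate store.

```shell
#!/bin/sh
# Constructed throwaway PKI (root -> intermediate -> client leaf); every name
# and path here is made up for the example.
mkcsr() {  # $1 = file stem, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -subj "/CN=$2" -out "$1.csr"
}

build_pki() {  # $1 = scratch directory
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    mkcsr root "Example Root CA" && mkcsr int "Example Intermediate CA" &&
    mkcsr client "example-client" &&
    openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext -out root.pem &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.ext -out int.pem &&
    openssl x509 -req -in client.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out client.pem &&
    cat client.pem int.pem > client.crt        # leaf first, then intermediate
  ) >/dev/null 2>&1
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }
# What a client sends if it reads only the first PEM block of the file.
first_block() { awk '{print} /END CERTIFICATE/{exit}' "$1"; }
# Everything after the first block (the chain certificates).
rest_blocks() { awk 'seen{print} /END CERTIFICATE/{seen=1}' "$1"; }

# Server-side check: $1 = trust anchors, $2 = PEM the client transmitted.
# The first block is the leaf; later blocks are untrusted chain candidates.
server_accepts() {
  first_block "$2" > "$2.leaf"; rest_blocks "$2" > "$2.chain"
  if [ -s "$2.chain" ]; then
    openssl verify -CAfile "$1" -untrusted "$2.chain" "$2.leaf" 2>/dev/null
  else
    openssl verify -CAfile "$1" "$2.leaf" 2>/dev/null
  fi | grep -q ': OK'
}

dir=$(mktemp -d) && build_pki "$dir" || exit 1
first_block "$dir/client.crt" > "$dir/first_only.crt"
cat "$dir/root.pem" "$dir/int.pem" > "$dir/root_plus_int.pem"   # stand-in for the workaround
server_accepts "$dir/root.pem" "$dir/client.crt" && echo "full .crt, root trusted: accepted"
server_accepts "$dir/root.pem" "$dir/first_only.crt" || echo "first block only, root trusted: rejected"
server_accepts "$dir/root_plus_int.pem" "$dir/first_only.crt" && echo "first block only, intermediate trusted: accepted"
```

Running `count_certs` on a client's .crt file is a quick way to confirm whether it carries the chain at all before looking at what the client actually transmits.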