bad practice on creating the tls credentials

[imansadooghi]

on cmd/serve.go: (line 84)
https://github.com/philips/grpc-gateway-example/blob/master/cmd/serve.go#L84
dcreds := credentials.NewTLS(&tls.Config{ ServerName: demoAddr, RootCAs: demoCertPool, })
demoAddr is used for creating the credentials. demoAddr is an endpoint with address:port format. Using that will cause your TLS to look for a serverName of "localhost:10000". Hence, in your certificate, you had to add the domain:port specifically as a server name. It is not good practice to use a specific name in your cert. The ServerName should be only the Address.

[vaishali-ntnx]

I was trying to run this example without changing anything but I am getting this error -
http: TLS handshake error from [::1]:53217: remote error: tls: bad certificate INFO: 2018/10/15 13:16:40 pickfirstBalancer: HandleSubConnStateChange: 0xc000158060, TRANSIENT_FAILURE WARNING: 2018/10/15 13:16:40 grpc: addrConn.createTransport failed to connect to {localhost:10000 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: Common Name is not a valid hostname: localhost:10000". Reconnecting...

Can anyone help me understanding the problem here?

[adamcohen]

I had to use the following commands from the certs/Makefile to generate my own Key and Cert values:

openssl genrsa -out server.key 2048
openssl req -new -x509 -key server.key -out server.pem -days 3650

I also used a different port than 10000, so when generating the above certificate, I had to use localhost:8020 as the Common Name:

Common Name (eg, fully qualified host name) []:localhost:8020

When using curl to hit the http endpoint, I had to pass -k and when using grpcurl I had to pass -insecure