This crate is a gRPC client and server to control and manage a CDK mint. It exposes a server component that can be imported as a library component; see its usage in cdk-mintd. The client can be used as a CLI by running cargo r --bin cdk-mint-cli.
The server can be run with or without certificate authentication. To run with authentication, follow the steps below to create certificates.
This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server.
The script generates the following certificates and keys:
- Certificate Authority (CA) certificate and key
- Server certificate and key
- Client certificate and key
All certificates are generated in PEM format, which is commonly used in Unix/Linux systems.
Prerequisites:
- OpenSSL installed on your system
- Bash shell environment
The script will create the following files:
- ca.key: Certificate Authority private key
- ca.pem: Certificate Authority certificate
- server.key: Server private key
- server.pem: Server certificate
- client.key: Client private key
- client.pem: Client certificate
Usage:
- Save the script as generate_certs.sh
- Make it executable: chmod +x generate_certs.sh
- Run the script: ./generate_certs.sh
Certificate Authority (CA):
- 4096-bit RSA key
- Valid for 365 days
- Used to sign both server and client certificates
Server certificate:
- 4096-bit RSA key
- Valid for 365 days
- Includes Subject Alternative Names (SAN):
  - DNS: localhost
  - DNS: my-server
  - IP: 127.0.0.1
Client certificate:
- 4096-bit RSA key
- Valid for 365 days
- Used for client authentication
The script includes verification steps to ensure the certificates are properly generated:
# Verify server certificate
openssl verify -CAfile ca.pem server.pem
# Verify client certificate
openssl verify -CAfile ca.pem client.pem
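The certificate parameters and verification steps above, put together as an added example of such a script (not the project's own generate_certs.sh). The subject names, the optional key-size and validity arguments, and the extendedKeyUsage lines are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not the project's generate_certs.sh.
# Assumptions: subject CNs, the optional arguments, and the extendedKeyUsage lines.
set -eu

# generate_certs OUT_DIR [KEY_BITS] [DAYS]
# The body runs in a subshell, so cd, umask and variables do not leak to the caller.
generate_certs() (
    out=$1; bits=${2:-4096}; days=${3:-365}
    umask 077                      # keys and certs readable by the owner only
    mkdir -p "$out"
    cd "$out"

    # CA: self-signed root used to sign both leaf certificates
    openssl genrsa -out ca.key "$bits"
    openssl req -x509 -new -key ca.key -sha256 -days "$days" \
        -subj "/CN=example-mint-rpc-ca" -out ca.pem

    # Server: SANs must cover every name or address the client dials
    openssl genrsa -out server.key "$bits"
    openssl req -new -key server.key -subj "/CN=localhost" -out server.csr
    printf '%s\n' 'subjectAltName=DNS:localhost,DNS:my-server,IP:127.0.0.1' \
        'extendedKeyUsage=serverAuth' > server.ext
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -sha256 -days "$days" -extfile server.ext -out server.pem

    # Client: presented to the server for certificate authentication
    openssl genrsa -out client.key "$bits"
    openssl req -new -key client.key -subj "/CN=example-mint-rpc-client" -out client.csr
    printf '%s\n' 'extendedKeyUsage=clientAuth' > client.ext
    openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -sha256 -days "$days" -extfile client.ext -out client.pem

    # Drop intermediates, then run the same checks the README lists
    rm -f server.csr server.ext client.csr client.ext ca.srl
    openssl verify -CAfile ca.pem server.pem
    openssl verify -CAfile ca.pem client.pem
)

# Run only when an output directory is given: ./generate_certs.sh ./certs
if [ "$#" -gt 0 ]; then
    generate_certs "$@"
fi
```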
- Keep private keys (*.key files) secure and never share them
- The CA certificate (ca.pem) needs to be distributed to both client and server
- Server needs:
  - server.key
  - server.pem
  - ca.pem
- Client needs:
  - client.key
  - client.pem
  - ca.pem