To enable TLS on the server, the following files are required:
certificates/server.pem the certificate chain for the server in in PEM
format
certificates/server.key the private key for the server certificate chain
certificates/trusted_client_roots.pem the root certificates that are
trusted when authenticating clients
The set of trusted client root certificates is used when authenticating the
client. You can choose to obtain this set of trusted roots from an authority
like Mozilla or install the set of
roots currently recommended by the Google Internet Authority
G2. In the latter case, you may have to
manually update the root certificate at times.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-31 UTC."],[[["This guide outlines the process of setting up a Ruby gRPC server using a provided service definition."],["Users will need to install required gems, generate Ruby libraries from the service definition, and implement the server logic."],["Testing can be done initially without TLS, but production environments require configuring certificates for secure communication."],["The final setup involves organizing certificates and generated libraries within a specific directory structure for the server to function properly."],["Obtaining and updating trusted root certificates for client authentication are crucial steps for production deployment."]]],["The implementation requires the `google-protobuf` and `grpc` gems. Download the service definition, create the specified directory structure, and generate Ruby libraries using `grpc_tools_ruby_protoc`. TLS can be initially disabled using `--disable_tls` for testing. Production requires `server.pem`, `server.key`, and `trusted_client_roots.pem` within the certificates directory for TLS. The `trusted_client_roots.pem` may come from an authority like Mozilla or Google Internet Authority G2.\n"]]