Local Boulder: TLS Bad Certificate : Server.Serve failed to complete Handshake

Hello,

I have been using Boulder locally for internal purposes, and I am now encountering an issue with a TLS Bad Certificate error. I have attached a screenshot of the error for reference.

I recently extended my gRPC credentials/certificates (/test/grpc-creds/), which had expired last month, using Minica. However, the issue persists.

Could anyone suggest what else could be causing this problem? Are there any additional certificates that need to be updated on the gRPC server side?

Thank you for your assistance.

1 Like

You'd want to use something intended to be used as a local CA, like smallstep; Boulder has a lot of complex things, as it is intended to be a public CA:

5 Likes

I understand that, and it has been working for me so far. However, could you please assist me with resolving this error?

A few months ago the Boulder repo started to dynamically generate gRPC certificates at Docker image startup; that would cause any manually signed certificate not to be trusted by those test systems.

6 Likes

Thank you for your reply. As I understand, this is a new method implemented in the latest version, but I am using the older version from last year and have not yet upgraded.

Given this, is there something I need to do regarding the certificate ceremony, or should I add the server's intermediate or root CA certificate to my trust store? Is the issue something like that?

Thank you for your time and assistance.

2 Likes

Found the issue! While regenerating the certificates via Minica, the nonce.boulder certificate was missing its SANs. I'm not sure how that was overlooked during regeneration since I used the regeneration script. The issue is now resolved. Thank you very much, @orangepizza, for taking the time to kindly respond to my queries!

6 Likes
