.Net Core + gRPC on a Intranet (WCF equvalent net.tcp bindinng

Hello everybody,
this is my first post here, please forgive me If I break some “netiquette”.
I’m porting an existing WPF / WCF (NetTcpBinding). I’ve successfully ported it to WPF / .Net Core 3.1 / gRPC most of it and I’m quite happy. Now my problem is about security, since I need to implement security gRPC way. I need certificates but I don’t have a domain, nor do I plan to have one in the future. The app will run on a Intranet and doesn’t need to expose to the outside. Can anyone suggest me what steps should I take. One computer on the intranet will run as a Server, n-computers will run as client inside the very same intranet.

Hi @robertodalmonte

if you don’t have a public visible and unique domain, you can’t create a Letsencrypt certificate.

But if it is only an internal solution: Create a self signed certificate with a long duration (10 or 20 years) and use an exception in your code to ignore the certificate error.

:wave: Hi @robertodalmonte, welcome to the community forum.

This kind of use-case is best served by running your own internal PKI that can issue client and server certificates for your gRPC components as required.

You might find something like Smallstep is a good way to achieve this. It also has ACME support so you can use existing clients like Certbot within your internal PKI.

1 Like

Thanks a lot Juergen I appreciate your help.

Hi Daniel
thank you…I guess that PK is a Personal Key. The software will be (hopefully) installed in various locations (all of them intranet) and I would like to avoid the need to manually configure each location with personal key. Is there a way to automate it, so I can distribute a Server App, a Client app and I’m done?

Hi @robertodalmonte

PKI in this context stands for Public Key Infrastructure: https://en.wikipedia.org/wiki/Public_key_infrastructure

Likely in this situation each installation location would need to operate its own internal PKI. I’m afraid I can’t provide much advice about how you could automate deployment of a PKI inside each location as part of your software install, but in principal it is achievable.

It is more clear now, thank you very much

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.