From 715fa8ba2532a25f6c46d4c1d895c7cb18f0a400 Mon Sep 17 00:00:00 2001
From: Rene Rath <71257903+NiceRath@users.noreply.github.com>
Date: Mon, 27 Mar 2023 09:57:55 +0200
Subject: [PATCH] Added note for usage of existing certificates

---
 Security-Configuration.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Security-Configuration.md b/Security-Configuration.md
index eb6bbf0..8988a85 100644
--- a/Security-Configuration.md
+++ b/Security-Configuration.md
@@ -157,3 +157,9 @@ Java gRPC uses Netty's SslContext. From https://netty.io/wiki/sslcontextbuilder-
 > For example to convert a non-encrypted PKCS1 key to PKCS8 you would use:
 >
 > openssl pkcs8 -topk8 -nocrypt -in pkcs1_key_file -out pkcs8_key.pem
+
+### Existing certificates
+
+If you are using existing certificates: make sure they all have the **Extended Key Usage** 'TLS Web Server Authentication' AND 'TLS Web Client Authentication' set - as grpc uses them for both use-cases!
+
+Else you will see those errors: `error reading server preface: remote error: tls: bad certificate`
\ No newline at end of file