How do I connect to gRPC using TLS?



I am trying, so far unsuccessfully, to get a basic gRPC server and client working with SSL/TLS, with a Node client and a Java server. Starting with no security:

// client.js
const grpc = require('@grpc/grpc-js');
// hello_proto is the Greeter service loaded from the helloworld proto (loading not shown)
const creds = grpc.credentials.createInsecure();
const stub  = new hello_proto.Greeter('localhost:50051', creds);
stub.sayHello(...)

// server.java
import io.grpc.Server;
import io.grpc.ServerBuilder;

Server server = ServerBuilder.forPort(50051)
    .addService(serviceImplementation)
    .build();
server.start();

Here everything works. Then I try to add SSL credentials, generating a certificate and private key as follows (following the Python example):

$ openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt

This produces a certificate (server.crt) and a private key (server.key). Then, following the grpc.io Auth Guide and grpc-java, I add these credentials to the client and the server (the private key only on the server):

// client.js
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
// The server's self-signed certificate is used as the client's only trust root.
const rootCert = fs.readFileSync("path/to/server.crt");
const channelCreds = grpc.credentials.createSsl(rootCert);
const stub = new hello_proto.Greeter('localhost:50051', channelCreds);
stub.sayHello(...)

// server.java
import java.io.File;
import io.grpc.Server;
import io.grpc.ServerBuilder;

File certChainFile  = new File("path/to/server.crt");
File privateKeyFile = new File("path/to/server.key");
Server server = ServerBuilder.forPort(50051)
    .useTransportSecurity(certChainFile, privateKeyFile)
    .addService(serviceImplementation)
    .build();
server.start();

Now I get the error UNAVAILABLE: No connection established on the client:

Error: 14 UNAVAILABLE: No connection established
at Object.callErrorFromStatus (path/to/node_modules/@grpc/grpc-js/build/src/call.js:31:26)
at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client.js:176:52)
at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:336:141)
at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:299:181)
at path/to/node_modules/@grpc/grpc-js/build/src/call-stream.js:130:78
at processTicksAndRejections (node:internal/process/task_queues:76:11) {
code: 14,
details: 'No connection established',
metadata: Metadata { internalRepr: Map(0) {}, options: {} }
}

There is no error on the server side. The client error is exactly the same as the one I get when the server is down.

How do I get basic TLS authentication working between a Java server and a Node client?

Maybe you can refer to my code in helloworld/grpc-java-sample; feel free to translate the Chinese.

Both sides need an SslContext.

Server

import java.io.File;
import java.net.InetSocketAddress;
import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;

File keyCertChainFile = new File("server.pem");
File keyFile = new File("server.key");
// ClientAuth.OPTIONAL requests a client certificate but does not require one.
SslContext sslContext = GrpcSslContexts.forServer(keyCertChainFile, keyFile)
    .clientAuth(ClientAuth.OPTIONAL)
    .build();
Server server = NettyServerBuilder.forAddress(new InetSocketAddress(9090))
    .addService(new HelloServiceImpl())
    .sslContext(sslContext)
    .build();
Client

import java.io.File;
import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;

File trustCertCollectionFile = new File("server.pem");
// Trust the server's own (self-signed) certificate as the only root.
SslContext sslContext = GrpcSslContexts.forClient()
    .trustManager(trustCertCollectionFile)
    .build();
ManagedChannel channel = NettyChannelBuilder.forAddress("127.0.0.1", 9090)
    // The name checked against the certificate, instead of the dialed IP.
    .overrideAuthority("localhost")
    .sslContext(sslContext)
    .build();
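Whether the Node client's createSsl(rootCert) or the Java client's trustManager(...) above, the client accepts the connection only if two checks pass: the presented certificate chains to the supplied root (here the self-signed server.crt itself), and the authority it dials ("localhost" in the question's target, or the name set with overrideAuthority("localhost") in the answer when dialing 127.0.0.1) matches a name in the certificate. The script below is an added example, not code from the question or the answer; it assumes an OpenSSL 1.1.1+ binary on PATH, generates a self-signed certificate like the question's openssl command but with an explicit subjectAltName, and runs those two checks offline with openssl verify. The hostname example.invalid is a constructed mismatch case.

```shell
#!/bin/sh
# Added example (not from the question or the answer). Assumes OpenSSL 1.1.1+
# on PATH; "localhost" is the name the clients on this page dial or override to.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate a key and a self-signed certificate valid for the given name.
# The SAN carries the DNS name the client verifies, plus 127.0.0.1 for a
# client that dials the address without an authority override.
# -nodes writes an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY"), the format
# grpc-java's useTransportSecurity / GrpcSslContexts.forServer read.
gen_cert() {
  dir=$1; name=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$name" \
    -addext "subjectAltName=DNS:$name,IP:127.0.0.1" \
    -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
}

# The client-side decision: trust $cert as the only root, then require the
# dialed authority to match the certificate. Returns 0 = accept, 1 = reject.
client_would_accept() {
  cert=$1; hostname=$2
  openssl verify -CAfile "$cert" -verify_hostname "$hostname" "$cert" >/dev/null 2>&1
}

# Sanity check on the key format the Java server expects.
key_is_pkcs8() {
  grep -q "BEGIN PRIVATE KEY" "$1"
}

gen_cert "$WORK" localhost

if client_would_accept "$WORK/server.crt" localhost; then
  echo "localhost: accepted (trusted root, name is in the SAN)"
fi
if ! client_would_accept "$WORK/server.crt" example.invalid; then
  echo "example.invalid: rejected (name not in the SAN); the handshake fails"
fi
if key_is_pkcs8 "$WORK/server.key"; then
  echo "server.key is PKCS#8, usable by grpc-java"
fi
```

Run it as `sh check-cert.sh`. If the second check is the one that fails for your own certificate, the name the client dials (or the one given to overrideAuthority) is not in the certificate; regenerate with a matching SAN, since a client that cannot finish the handshake simply reports no connection, which is the symptom the question shows.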
