https://github.com/luizhlelis/go-lang-https-self-signed

Sample of an HTTPS server in golang that uses a self-signed certificate. This repo demonstrates the best way to set up your self-signed cert in golang. It shows in a simple way how to generate and trust the SSL certificate and how to serve an HTTPS server in golang.

golang https https-server ssl ssl-certificates tls tls-certificate

# Building a self signed certificate https server in golang

This repository will be useful to you if you want to create a self-signed server in `golang`. The client is just an `ash` script that runs `curl` to fetch the `https` server's home page after trusting its certificate.

## Running the project

To bring up the client and server containers, run the command below:

``` bash
docker-compose up
```

## Server

The command above first brings up the server container, which runs an `ash` script called `generate-certificate.sh`. The script generates `servercert.key`, the private key, and `servercert.csr`, the certificate signing request (CSR) that contains the public key. The `CN` passed in `-subj` is the most important field because some browsers, like Chrome, require that information. `CN` means Common Name, and it is the domain name that you would like to have SSL secured. The last command in the script then generates `servercert.crt`, the self-signed certificate, signed by your own `servercert.key` private key. The `x509` flag states the standard format of an SSL/TLS certificate, which is `X.509`. Finally, the `https` server comes up because of the `go run main.go` command.

In the `main.go` file we use the cert and the key to serve the self-signed `https` server:

``` go
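func handleRequests() {
	// Certificate path, key path and listen address come from the environment (.env).
	tlsCert := os.Getenv("tls-certificate")
	tlsKey := os.Getenv("tls-key")
	serverPort := os.Getenv("server-port")

	router := mux.NewRouter().StrictSlash(true)
	controllers.HandleHomeRoutes(router, "https")

	// Serve HTTPS with the self-signed certificate and its private key.
	// ListenAndServeTLS only returns on error, which log.Fatal reports.
	log.Fatal(http.ListenAndServeTLS(serverPort, tlsCert, tlsKey, router))
}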
```

and in the `.env` file we declare where the cert and key are located in the folder hierarchy:

``` env
tls-certificate="certificates/servercert.crt"
tls-key="servercert.key"
```

## Client

The client container mounts a volume at the location where the server certificate was generated: `./server/certificates:/certificates`. This is because the client needs to trust that certificate to make `https` calls and apply the `TLS` protocol with the two way handshake. That trust is established by the `update-ca-certificates` command when `trust-server-certificate.sh` runs; after that we can call the `https` server normally. In the present example we use `curl` calls in the `get-server-home.sh` file.
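
The generate, serve and trust steps described above, condensed into one Go program as an added example (not code from this repository): it self-signs a certificate in memory, serves it from a local test server, and shows that the request only succeeds once that certificate is in the client's root pool. The host name `server` and the function `fetch` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// fetch self-signs a cert, serves HTTPS with it and GETs the page once.
func fetch(trusted bool) (string, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"server"}, // SAN entry: Go clients match this, not the CN
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key) // parent == template: self-signed
	if err != nil {
		return "", err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	defer srv.Close()
	pool := x509.NewCertPool() // empty pool: the client trusts nothing yet
	if trusted {
		pool.AddCert(srv.Certificate()) // per-client equivalent of update-ca-certificates
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: "server"}}
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
	if err != nil {
		return "", err // untrusted: "x509: certificate signed by unknown authority"
	}
	return resp.Status, resp.Body.Close()
}

func main() {
	fmt.Println(fetch(true))
	fmt.Println(fetch(false))
}
```

The untrusted call fails during the TLS handshake, before any HTTP request is sent, which is the same failure `curl` reports when the certificate has not been added to the trust store.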

## Running only the server with a client running locally

To bring up only the server, run the command below:

``` bash
docker-compose up server
```

Then you can make your `https` calls to the server locally. But first you need to trust the server certificate: if you're using a Linux OS, trust the server with the commands described in the `trust-server-certificate.sh` file. Otherwise, follow the steps below:

[macOS](https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates/)

[Windows](https://superuser.com/questions/370217/trust-ssl-certificate-to-local-system-account)

[Linux](https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list)