douzhao1912 2018-08-19 00:36

Manually verifying a PEM certificate in Go?

My situation is such: I am manually verifying the Splunk instance's server cert to my client application. I create a new httpclient wrapper with this method. Can someone explain to me exactly what I am to do? My guess is that 1. there is no IP address designated as the CA, 2. some config file screaming out, 3. no idea.

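import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"net/http"
)

// PEM-encoded Splunk server certificate (elided in the original post).
const SplunkPEM = `---BEGIN...jsldfjklsd---END`

// NewHttpClient returns a client that trusts only the certificates in SplunkPEM.
func NewHttpClient() (*http.Client, error) {
	rootcas := x509.NewCertPool()
	ok := rootcas.AppendCertsFromPEM([]byte(SplunkPEM))
	if !ok {
		// Return no client, so a caller cannot fall back to the system trust store.
		return nil, errors.New("Failed to parse PEM!")
	}

	conf := &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    rootcas,
		// Name the certificate is checked against, instead of the dialed address.
		ServerName: "SplunkServerDefaultCert",
	}
	tr := &http.Transport{TLSClientConfig: conf}
	client := &http.Client{Transport: tr}
	return client, nil
}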

error 1: cannot validate certificate for 10.0.0.112 because it doesn't contain any IP SANs -- so I tried changing

&tls.Config{
	ServerName: "SplunkServerDefaultCert",
}

error 2: certificate is valid for SplunkServerDefaultCert, not splunk.com

error 3: certificate is not authorized to sign other certificates
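
The three messages in the post come from two separate checks in Go's crypto/x509: the name check against the host being verified (errors 1 and 2) and the CA basic-constraint check on whichever certificate acts as issuer (error 3). An added example, not code from the post: the hypothetical helpers `Diagnose` and `SampleCert` run both checks on a constructed self-signed certificate that stands in for the real Splunk PEM.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Diagnose (hypothetical helper) lists why a pinned PEM cert fails for host or as a CA.
func Diagnose(pemBytes []byte, host string) ([]string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	var out []string
	if err := cert.VerifyHostname(host); err != nil { // source of errors 1 and 2
		out = append(out, err.Error())
	}
	if !cert.BasicConstraintsValid || !cert.IsCA { // condition behind error 3
		out = append(out, "not a CA: cannot be the issuer of the server's certificate")
	}
	return out, nil
}

// SampleCert returns a constructed self-signed certificate (demo input only).
func SampleCert(name string, isCA bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	for _, h := range []string{"10.0.0.112", "splunk.com", "SplunkServerDefaultCert"} {
		r, _ := Diagnose(SampleCert("SplunkServerDefaultCert", false), h)
		fmt.Println(h, "->", r)
	}
}
```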
