What's the easiest way to get TCP Client/Server authentication via TLS/Certs/Keys in Go?
That is, I have a TCP server, and when a new client tries to connect to it, it should receive a certificate/key from the Server to allow it to connect again in the future without re-authenticating (or at least until the certificate expires). Both the client and the server should authenticate the other. OpenSSL isn't an option to create keys as the clients will be cross-platform (Windows/macOS/Linux). Essentially, the server should only accept connections from known clients, and authorize new clients as needed (the clients can have some sort of known secret when installed).
Here's what I think the general flow is (correct me if I'm wrong):
Server: Get Cert/Key pair --> if they don't exist, create them --> listen on port --> receive connection --> verify Certificate is valid --> if not, reject --> if it is, continue to do what the server is supposed to do
Client: Get cert/key pair --> if they don't exist (i.e. just installed), request from the server (signed by the server) --> continue to connect as normal
This is still in the planning phase and open to all suggestions!
Thanks!
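An added example of the flow sketched above, using only Go's standard library (this is not code from the post or from any project; the helper names Issue and MutualConfigs are hypothetical): the server bootstraps its own CA, issues short-lived certificates to itself and to each approved client, and both tls.Configs trust only that CA, so unknown clients and impostor servers fail the handshake.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// Issue makes a key pair plus certificate for name: a self-signed CA when issuer is nil, else a leaf signed by issuer.
func Issue(name string, eku x509.ExtKeyUsage, issuer *tls.Certificate) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // serials must be positive
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // SAN the peer matches against ServerName
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour), // client re-enrolls when this lapses
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	parent, signer := tmpl, any(key) // self-signed unless an issuer is supplied
	if issuer == nil { // bootstrap the server's own trust root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	} else {
		parent, signer = issuer.Leaf, issuer.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}
// MutualConfigs builds both ends: each presents its own cert and trusts only the server's CA.
func MutualConfigs(ca, server, client *tls.Certificate) (*tls.Config, *tls.Config) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	return &tls.Config{Certificates: []tls.Certificate{*server}, ClientCAs: pool,
			ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}, // unknown clients rejected
		&tls.Config{Certificates: []tls.Certificate{*client}, RootCAs: pool,
			ServerName: server.Leaf.Subject.CommonName, MinVersion: tls.VersionTLS12}
}
```

The enrolment step itself (the client proving its install-time secret before the server calls Issue for it, and the cert/key being delivered and written to disk for the "if they don't exist" check) is not shown; once issued, the server only needs to keep its CA key, and identity on each connection comes from ConnectionState().PeerCertificates.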