如何在Golang Web服务器上设置HTTPS?

我正在阅读 https://www.kaihag.com/https-and-go/ 并从Comodo购买了SSL证书,他们通过电子邮件将其发送给我 .zip </ code> 文件。 到目前为止,我拥有的所有文件都是这样的</ p>

  csr.pem 
private-key.pem
website.com.crt
website.com.ca-bundle
website .com.zip
</ code> </ pre>

以上网站希望我连接3个我没有的 .pem </ code>文件。 顺便说一下, .pem </ code>文件需要串联的原因是什么? 使用上述未修改的文件,如何在golang网络服务器上设置https?</ p>
</ div>

展开原文

原文

I'm reading https://www.kaihag.com/https-and-go/ and bought an SSL certificate from Comodo which they emailed me a .zip file. All of the files I have so far look like this

csr.pem
private-key.pem
website.com.crt
website.com.ca-bundle
website.com.zip

The above website wants me to concatenate 3 .pem files which I don't have. Incidentally what is the reason the .pem files need to concatenated? Using the above files which haven't been modified, how can https be set up on a golang webserver?

4个回答



使用 https://golang.org/pkg/net/http/#ListenAndServeTLS </ p>

  http.HandleFunc(“ /”,handler)
log.Printf( “即将收听10443。请访问https://127.0.0.1:10443/”)
err:= http.ListenAndServeTLS(“:10443”,“ cert.pem”,“ key.pem”,nil)
log .Fatal(err)
</ code> </ pre>

这并不是一个切实可行的问题,但是由于计算机仅存储根证书,因此需要中间证书。 通过将它们串联在一起,可以将它们全部放在一个文件中,以便浏览器获取所有证书-这是必需的步骤,否则您的服务器将在某些设备上发生故障。 您的证书提供商将提供执行此操作的说明。 要使用Go,您需要一个证书文件和一个私钥文件。 </ p>

https://kb.wisc.edu/ page.php?id = 18923 </ p>

以下是comodo结合证书的一些说明(无论使用哪个服务器,过程都相同):< / p>

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1091/37/certificate-installation--nginx </ p>
</ div>

展开原文

原文

Use https://golang.org/pkg/net/http/#ListenAndServeTLS

http.HandleFunc("/", handler)
log.Printf("About to listen on 10443. Go to https://127.0.0.1:10443/")
err := http.ListenAndServeTLS(":10443", "cert.pem", "key.pem", nil)
log.Fatal(err)

This isn't really a go question, but the intermediate certs are required because computers only store root certs. By concatenating them you put them all in one file so the browser gets all certs - this is a required step otherwise your server will fail on certain devices. Your cert provider will provide instructions for doing this. For go you need one cert file and one private key file.

https://kb.wisc.edu/page.php?id=18923

Here are some instructions for comodo for combining the certs (doesn't matter which server is used, the process is the same):

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1091/37/certificate-installation--nginx



您需要 http.ListenAndServeTLS </ code> </ p>

 包主 

import(
//“ fmt”
//“ io”
“ net / http”
“ log”

func HelloServer(w http.ResponseWriter,req * http.Request ){
w.Header()。Set(“ Content-Type”,“ text / plain”)
w.Write([] byte(“这是示例服务器。
”))
// fmt.Fprintf(w,“这是一个示例服务器。
”)
// io.WriteString(w,“这是一个示例服务器。
”)
}

func main(){\ nhttp.HandleFunc(“ / hello”,HelloServer)
err:= http.ListenAndServeTLS(“:443”,“ server.crt”,“ server.key”,nil)
如果err!= nil {
log .Fatal(“ ListenAndServe:”,err)
}
}
</ code> </ pre>

这是一个代码段: https://gist.github.com/denji/12b3a568f092ab951456 </ p>
</ div>

展开原文

原文

You need http.ListenAndServeTLS

package main

import (
    // "fmt"
    // "io"
    "net/http"
    "log"
)

func HelloServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.
"))
    // fmt.Fprintf(w, "This is an example server.
")
    // io.WriteString(w, "This is an example server.
")
}

func main() {
http.HandleFunc("/hello", HelloServer)
    err := http.ListenAndServeTLS(":443", "server.crt", "server.key", nil)
    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }
}

Here’s a snippet: https://gist.github.com/denji/12b3a568f092ab951456

doubaisui2526
doubaisui2526 如果我没事的话,这些就是发行人的证明。 包括此类证书并创建捆绑包是件好事,因为如果浏览器(以前版本的Firefox)无法访问完整的链,则它们不会接受您的正确证书。 您可以从Chrome浏览器开始调试所有内容。 然后将所有证书加入捆绑包并进行部署
接近 3 年之前 回复
dsilhx5830
dsilhx5830 是的,但是IIRC不需要将文件串联在一起来创建server.crt吗? 我可能会记得错了
接近 3 年之前 回复



这是我的发现,我想与大家分享一下,因为所有可用的安装指南均针对Nginx和Apache HTTP,这花了我几个小时 配置,而不是Golang Web服务器。</ p>

环境:</ p>


  • 来自Comodo / Sectigo的SSL证书</ li>
  • Gin-gonic作为中间件</ li>
    </ ul>

    问题:</ p>


    • 在Chrome / Mac上的Firefox,但在Windows Firefox上却给我CORS错误。 后来,发现这与CORS无关,我使用 https://www.digicert.com/help 。 结果是,“证书未由受信任的机构签名(通过Mozilla的根存储进行检查)”。</ li>
      </ ul>

      解决方案:</ p>

      解决方案是使用文本编辑器连接以下证书,并根据需要命名。 我将其保存为“ my_domain.txt”。</ p>


      • my_domain.ca-bundle(其中包含一个根和两个中间证书)</ li>
      • my_domain.crt(我域的主要证书)</ li>
        </ ul>

        然后像这样运行它,</ p>

         路由器。  RunTLS(“:” + os.Getenv(“ PORT”),“ ../my_domain.txt”,“ ../ my_private_key.txt”)
        </ code> </ pre>

        希望对您有所帮助!</ p>
        </ div>

展开原文

原文

Here is my finding and I would like to share because it took me a few hours as all available installation guides were for Nginx and Apache HTTP configurations, not for the Golang Web Server.

Environments:

  • SSL certificate from Comodo / Sectigo
  • Gin-gonic as middleware

Issue:

  • It was working fine on Chrome/Firefox on Mac but was giving me a CORS error on Windows Firefox. Later, it was found that it was not really a CORS related matter, and I diagnosed my ubuntu server of the SSL validity by using https://www.digicert.com/help. The result was, "The certificate is not signed by a trusted authority (checking against Mozilla's root store)".

Solution:

The solution is to concatenate the following certificates by using a text editor and name it as you'd like. I saved it as "my_domain.txt".

  • my_domain.ca-bundle (which includes one root and two intermediate certs)
  • my_domain.crt (the main cert for my domain)

Then run it like this,

router.RunTLS(":"+os.Getenv("PORT"), "../my_domain.txt", "../my_private_key.txt")

Hope it helped!



https: //github.com/adrianosela/sslmgr 抽象出密钥和证书的整个概念。 您所需要做的就是使主机名可以访问服务器(即您的DNS必须将yourdomain.com指向your-public-ip)。 您甚至可以为本地开发禁用SSL,如下所示:</ p>

  ss,err:= sslmgr.NewServer(sslmgr.ServerConfig {
主机名:[] string {os.Getenv( “ yourdomain.com”)},
处理程序:h,
ServeSSLFunc:func()bool {
返回strings.ToLower(os.Getenv(“ PROD”))==“ true”
},
})
if err!= nil {
log.Fatal(err)
}
ss.ListenAndServe()
</ code> </ pre>
</ div>

展开原文

原文

The library https://github.com/adrianosela/sslmgr abstracts away the whole concept of keys and certificates. All you need is for the server to be reachable by the hostname (i.e. your DNS must point yourdomain.com to your-public-ip). You can even disable SSL for local development as follows:

ss, err := sslmgr.NewServer(sslmgr.ServerConfig{
    Hostnames: []string{os.Getenv("yourdomain.com")},
    Handler:   h,
    ServeSSLFunc: func() bool {
        return strings.ToLower(os.Getenv("PROD")) == "true"
    },
})
if err != nil {
    log.Fatal(err)
}
ss.ListenAndServe()

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问