I want to create a tls client using the net/http in GO how can I create it given the ca certificates?
1条回答 默认 最新
dongqun5769 2016-07-26 07:50关注package main import ( "crypto/tls" "crypto/x509" "flag" "io/ioutil" "log" "net/http" ) var ( certFile = flag.String("cert", "someCertFile", "A PEM eoncoded certificate file.") keyFile = flag.String("key", "someKeyFile", "A PEM encoded private key file.") caFile = flag.String("CA", "someCertCAFile", "A PEM eoncoded CA's certificate file.") ) func main() { flag.Parse() // Load client cert cert, err := tls.LoadX509KeyPair(*certFile, *keyFile) if err != nil { log.Fatal(err) } // Load CA cert caCert, err := ioutil.ReadFile(*caFile) if err != nil { log.Fatal(err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) // Setup HTTPS client tlsConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: caCertPool, } tlsConfig.BuildNameToCertificate() transport := &http.Transport{TLSClientConfig: tlsConfig} client := &http.Client{Transport: transport} // Do GET something resp, err := client.Get("https://localdev.local:8443") if err != nil { log.Fatal(err) } defer resp.Body.Close() // Dump response data, err := ioutil.ReadAll(resp.Body) if err != nil { log.Fatal(err) } log.Println(string(data)) }Mostly borrowed from this gist. And here is a great article to work with TLS in Go: https://ericchiang.github.io/tls/go/https/2015/06/21/go-tls.html
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2016-07-26 06:54回答 1 已采纳 package main import ( "crypto/tls" "crypto/x509" "flag" "io/ioutil" "log"
- 2019-04-22 05:33回答 2 已采纳 TLS without certificates would require support for cipher suites which don't use certificates. L
- 2017-02-15 22:17回答 1 已采纳 No, as @JimB told you, TLS can't work without certificates. The reasoning is simple: TLS is all a
- 2022-10-07 12:11oceanweave的博客 在使用openssl创建证书时,遵循的步骤是 创建秘钥 > 创建CA > 生成要颁发证书的秘钥 > 使用CA签发证书。不管是根证书,中级证书还是终端域名证书,都需要先生成一个私钥,然后通过私钥来获取公钥再进行证书签名,...
- 2016-05-05 19:02回答 1 已采纳 Is it possible to also verify the client certs against a provided CRL? Yes, it is possible, b
- 2014-02-04 20:05回答 1 已采纳 You can replace the system CA set by providing a root CA pool in tls.Config. certs := x509.NewCer
- 2016-03-30 18:37回答 1 已采纳 @JohnWeldon's comment led me to the solution, which is that I need to modify the client Certificat
- 2018-05-06 19:50wuhuimin521的博客 使用Go实现TLS 服务器和客户端 传输层安全协议(Transport Layer Security,缩写:TLS),及其前身安全套接层(Secure Sockets Layer,缩写:SSL)是一种安全协议,目的是为互联网通信提供安全及数据...
- 2021-09-29 11:02回答 1 已采纳 不懂就问,window2012,这是一个怎么样的环境?为啥要用这个环境?有什么特点吗?
- 2016-02-26 01:42回答 1 已采纳 BuildNameToCertificate() will sniff the hostname from the cert. If none match the SNI info it ser
- 2017-11-09 06:58回答 1 已采纳 You can use peer.Peer from ctx context.Context for access to the OID registry in x509.Certificate.
- 2020-10-09 12:10wo有点烦的博客 文章目录一、 Docker-TLS加密通讯1.1 TLS介绍1.2 CA证书证书创建流程二、 TLS加密通讯实操实验目的实验环境实验参数实验过程1. 修改主机的前置环境2. 创建ca证书密钥3. 创建ca证书4. 创建服务端私钥5. 给服务端私钥...
- 2018-07-24 04:03回答 1 已采纳 Instead of using NewTLSServer() you want to: Create your test server via httptest.NewUnstartedSe
- 2021-01-28 17:31_观众的博客 希望在生成 SSL/TLS 证书之前,您已经安装有 openssl 以及对 SSL/TLS 有了初步的了解。 概述 本文主要讲述CA的私钥和x509自签名证书的生成,服务器/客户端的私钥和CSR的生成,以及CA对服务器/客户端的CSR签名操作。...
- 2020-11-13 00:20和风说话的青苔的博客 ca.conf # ca.conf [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name # 生成v3版本带扩展属性的证书 req_extensions = v3_req # 设置默认域名 [ req_...
- 没有解决我的问题, 去提问
悬赏问题
- ¥40 复杂的限制性的商函数处理
- ¥15 程序不包含适用于入口点的静态Main方法
- ¥15 素材场景中光线烘焙后灯光失效
- ¥15 请教一下各位,为什么我这个没有实现模拟点击
- ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
- ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
- ¥20 有关区间dp的问题求解
- ¥15 多电路系统共用电源的串扰问题
- ¥15 slam rangenet++配置
- ¥15 有没有研究水声通信方面的帮我改俩matlab代码