I'm wondering how to use godaddy's ssl certificate with GoLang Https server.
currently I'm using the following code:
srv := &http.Server{
Addr: httpsPortStr,
Handler: n,
ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second,
WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second,
}
err := srv.ListenAndServeTLS(<CERTIFICATE_FILE>,<PRIVATE_KEY_FILE>)
I still have sf_bundle-g2-g1.crt
. how do I add it to the chain of certificates ?
@Vonc's answer is really helpful, i'm just missing one last thing. I'm using http.Server instance in order to change ReadTimeout and WriteTimeout parameters. how can I do this with the tls ?
My previous code for this:
srv := &http.Server{
Addr: httpsPortStr,
Handler: n,
ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second,
WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second,
}
err := srv.ListenAndServeTLS(config.CfgIni.CertificateFile,config.CfgIni.PrivateKeyFile)
thanks!
You can see a full example here in the file-server-go
section.
The chain of certificate should be loaded in a x509.NewCertPool()
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
certpool := x509.NewCertPool()
pem, err := ioutil.ReadFile("certs/ca.pem")
if err != nil {
log.Fatalf("Failed to read client certificate authority: %v", err)
}
if !certpool.AppendCertsFromPEM(pem) {
log.Fatalf("Can't parse client certificate authority")
}
config := tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: certpool,
}
config.Rand = rand.Reader
service := "0.0.0.0:8000"
listener, err := tls.Listen("tcp", service, &config)
In your case, ioutil.ReadFile("sf_bundle-g2-g1.crt")
.
I'm using http.Server instance in order to change ReadTimeout and WriteTimeout parameters
server := &http.Server{
Addr: "0.0.0.0:8000",
TLSConfig: tlsConfig,
ReadTimeout: time.Duration // maximum duration before timing out read of the request,
WriteTimeout: time.Duration // maximum duration before timing out write of the response
}
(replace time.Duration
with the actual time)
Then:
err := server.ListenAndServeTLS(certFile, keyFile string)
log.Fatal(err)
Note ListenAndServeTLS
always returns a non-nil error.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.