Verify Server Certificates in HTTPS Requests with Golang
When accessing HTTPS websites or services, your application may encounter SSL certificate errors if your local trust store does not include the certificate authority (CA) that issued the server's certificate. If you want to establish secure HTTPS connections without ignoring certificate verification, this article provides a solution using Go's HTTP client library.
For comparison, the following snippet disables certificate verification entirely:
    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }
    client := &http.Client{Transport: tr}
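However, this approach is not recommended for production environments. With InsecureSkipVerify set, the client accepts any certificate for any hostname, so the connection is encrypted but the server's identity is never checked.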
Verifying Server Certificates
To verify server certificates, you need to add the CA certificate to your transport configuration. Below is an example:
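    package main

    import (
        "crypto/tls"
        "crypto/x509"
        "log"
        "net/http"
        "os"
    )

    func main() {
        // Load the PEM-encoded CA certificate that signed the server's certificate.
        caCert, err := os.ReadFile("rootCA.crt")
        if err != nil {
            log.Fatal(err)
        }
        caCertPool := x509.NewCertPool()
        if !caCertPool.AppendCertsFromPEM(caCert) {
            log.Fatal("no certificates found in rootCA.crt")
        }

        // Verify the server's chain against this pool instead of the system trust store.
        client := &http.Client{
            Transport: &http.Transport{
                TLSClientConfig: &tls.Config{
                    RootCAs: caCertPool,
                },
            },
        }

        resp, err := client.Get("https://secure.domain.com")
        if err != nil {
            panic(err)
        }
        defer resp.Body.Close()
    }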
Generating Certificates for Your Server
If you do not have a CA certificate, you can generate one along with a certificate for your server using the following commands:
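    # Root CA key and self-signed CA certificate
    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt

    # Server key and certificate signing request
    openssl genrsa -out secure.domain.com.key 2048
    openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
    # In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)

    # Go checks the hostname against subjectAltName, not the Common Name,
    # so add a SAN when signing (the file name san.ext is arbitrary)
    printf 'subjectAltName=DNS:secure.domain.com\n' > san.ext
    openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt -extfile san.ext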
By completing these steps, you will have a properly configured HTTP client that verifies server certificates in Go. This ensures secure HTTPS communication with the specified server.