When using Golang to make HTTPS requests, you need to install an SSL certificate. Otherwise, an error similar to the following will occur:
x509: certificate signed by unknown authority
In Golang, the net/http package in the standard library is used to make HTTP(S) requests. The default behavior of this package is to verify the server's certificate. If the server's certificate is not in Golang's built-in trusted certificate list, Golang will report the above error.
In order to solve this problem, we need to install the server certificate.
Use the openssl command to download the certificate from the remote server, as follows:
openssl s_client -connect example.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > example.com.crt
Among them, example.com is the domain name that needs to be downloaded. This command will download the certificate from port 443 of example.com and store it as an example.com.crt file.
Add the downloaded certificate to Golang’s trusted certificate list. There are two methods:
Add the certificate to the system certificate store and let Golang automatically recognize it.
Take Ubuntu as an example, copy the certificate to the system CA storage location:
sudo cp example.com.crt /usr/local/share/ca-certificates/
Then update the certificate:
sudo update-ca-certificates
Add the certificate to the root certificate pool of Golang's built-in certificate library, which can be achieved in the following ways.
package main import ( "crypto/tls" "crypto/x509" "io/ioutil" "fmt" "net/http" ) func main() { // 从文件载入证书 cert, err := ioutil.ReadFile("example.com.crt") if err != nil { fmt.Println(err) return } pool := x509.NewCertPool() // 将证书添加到根证书池中 if ok := pool.AppendCertsFromPEM(cert); !ok { fmt.Println("Failed to parse root certificate") return } tr := &http.Transport{ TLSClientConfig: &tls.Config{ RootCAs: pool, }, } client := &http.Client{Transport: tr} _, err = client.Get("https://example.com") if err != nil { fmt.Println(err) return } fmt.Println("Success") }
This program loads the example.com.crt file and adds it to the root certificate pool. This certificate is then used to access the example.com website. If the certificate is loaded successfully, "Success" is output.
Run the following code:
package main import ( "crypto/tls" "fmt" "net/http" ) func main() { resp, err := http.Get("https://example.com") if err != nil { fmt.Println(err) return } defer resp.Body.Close() fmt.Println(resp.Status) }
If the returned status code is 200, it means the certificate has been installed successfully. Otherwise, there may be other issues such as certificates or networking that need to be checked.
The above is how to install SSL certificate in Golang. In actual work, method 1 is more common, because there is usually a system administrator responsible for maintaining the system certificate database. The second method is suitable for some special situations.
The above is the detailed content of golang install certificate. For more information, please follow other related articles on the PHP Chinese website!