Home > Backend Development > Golang > How Can I Verify Server Certificates in HTTPS Requests Using Go?

How Can I Verify Server Certificates in HTTPS Requests Using Go?

Linda Hamilton
Release: 2024-12-11 07:14:12
Original
741 people have browsed it

How Can I Verify Server Certificates in HTTPS Requests Using Go?

Verify Server Certificates in HTTPS Requests with Golang

When accessing HTTPS websites or services, your application may encounter SSL certificate errors if your local trust store does not include the certificate authority (CA) that issued the server's certificate. If you want to establish secure HTTPS connections without ignoring certificate verification, this article provides a solution using Go's HTTP client library.

To ignore certificate verification and disable certificate checking, you can use the following code snippet:

tr := &http.Transport{
    TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

client := &http.Client{Transport: tr}
Copy after login

However, this approach is not recommended for production environments as it can pose a security risk.

Verifying Server Certificates

To verify server certificates, you need to add the CA certificate to your transport configuration. Below is an example:

package main

import (
    "crypto/tls"
    "io/ioutil"
    "log"
    "net/http"
    "crypto/x509"
)

func main() {
    caCert, err := ioutil.ReadFile("rootCA.crt")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs:      caCertPool,
            },
        },
    }

    _, err := client.Get("https://secure.domain.com")
    if err != nil {
        panic(err)
    }
}
Copy after login

Generating Certificates for Your Server

If you do not have a CA certificate, you can generate one along with a certificate for your server using the following commands:

  1. Generate CA:
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt
Copy after login
  1. Generate certificate for your domain, signed by your CA:
openssl genrsa -out secure.domain.com.key 2048
openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
# In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt
Copy after login

By completing these steps, you will have a properly configured HTTP client that verifies server certificates in Go. This ensures secure HTTPS communication with the specified server.

The above is the detailed content of How Can I Verify Server Certificates in HTTPS Requests Using Go?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template