Home >Backend Development >Golang >How Can I Verify Server Certificates in HTTPS Requests Using Go?

How Can I Verify Server Certificates in HTTPS Requests Using Go?

Linda Hamilton
Linda HamiltonOriginal
2024-12-11 07:14:12715browse

How Can I Verify Server Certificates in HTTPS Requests Using Go?

Verify Server Certificates in HTTPS Requests with Golang

When accessing HTTPS websites or services, your application may encounter SSL certificate errors if your local trust store does not include the certificate authority (CA) that issued the server's certificate. If you want to establish secure HTTPS connections without ignoring certificate verification, this article provides a solution using Go's HTTP client library.

To ignore certificate verification and disable certificate checking, you can use the following code snippet:

tr := &http.Transport{
    TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

client := &http.Client{Transport: tr}

However, this approach is not recommended for production environments as it can pose a security risk.

Verifying Server Certificates

To verify server certificates, you need to add the CA certificate to your transport configuration. Below is an example:

package main

import (
    "crypto/tls"
    "io/ioutil"
    "log"
    "net/http"
    "crypto/x509"
)

func main() {
    caCert, err := ioutil.ReadFile("rootCA.crt")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs:      caCertPool,
            },
        },
    }

    _, err := client.Get("https://secure.domain.com")
    if err != nil {
        panic(err)
    }
}

Generating Certificates for Your Server

If you do not have a CA certificate, you can generate one along with a certificate for your server using the following commands:

  1. Generate CA:
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt
  1. Generate certificate for your domain, signed by your CA:
openssl genrsa -out secure.domain.com.key 2048
openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
# In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt

By completing these steps, you will have a properly configured HTTP client that verifies server certificates in Go. This ensures secure HTTPS communication with the specified server.

The above is the detailed content of How Can I Verify Server Certificates in HTTPS Requests Using Go?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn