Home  >  Article  >  Backend Development  >  golang install certificate

golang install certificate

PHPz
PHPzOriginal
2023-05-22 16:38:07930browse

When using Golang to make HTTPS requests, you need to install an SSL certificate. Otherwise, an error similar to the following will occur:

x509: certificate signed by unknown authority

In Golang, the net/http package in the standard library is used to make HTTP(S) requests. The default behavior of this package is to verify the server's certificate. If the server's certificate is not in Golang's built-in trusted certificate list, Golang will report the above error.

In order to solve this problem, we need to install the server certificate.

1. Download the certificate

Use the openssl command to download the certificate from the remote server, as follows:

openssl s_client -connect example.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > example.com.crt

Among them, example.com is the domain name that needs to be downloaded. This command will download the certificate from port 443 of example.com and store it as an example.com.crt file.

2. Install the certificate

Add the downloaded certificate to Golang’s trusted certificate list. There are two methods:

2.1 Method 1: Add to the system certificate Library

Add the certificate to the system certificate store and let Golang automatically recognize it.

Take Ubuntu as an example, copy the certificate to the system CA storage location:

sudo cp example.com.crt /usr/local/share/ca-certificates/

Then update the certificate:

sudo update-ca-certificates

2.2 Method 2: Manually add the certificate to the Golang built-in certificate Library

Add the certificate to the root certificate pool of Golang's built-in certificate library, which can be achieved in the following ways.

package main
 
import (
    "crypto/tls"
    "crypto/x509"
    "io/ioutil"
    "fmt"
    "net/http"
)
 
func main() {
    // 从文件载入证书
    cert, err := ioutil.ReadFile("example.com.crt")
    if err != nil {
        fmt.Println(err)
        return
    }
 
    pool := x509.NewCertPool()
 
    // 将证书添加到根证书池中
    if ok := pool.AppendCertsFromPEM(cert); !ok {
        fmt.Println("Failed to parse root certificate")
        return
    }
 
    tr := &http.Transport{
        TLSClientConfig: &tls.Config{
            RootCAs: pool,
        },
    }
 
    client := &http.Client{Transport: tr}
 
    _, err = client.Get("https://example.com")
    if err != nil {
        fmt.Println(err)
        return
    }
 
    fmt.Println("Success")
}

This program loads the example.com.crt file and adds it to the root certificate pool. This certificate is then used to access the example.com website. If the certificate is loaded successfully, "Success" is output.

3. Verify whether the certificate is installed successfully

Run the following code:

package main
 
import (
    "crypto/tls"
    "fmt"
    "net/http"
)
 
func main() {
    resp, err := http.Get("https://example.com")
    if err != nil {
        fmt.Println(err)
        return
    }
    defer resp.Body.Close()
    fmt.Println(resp.Status)
}

If the returned status code is 200, it means the certificate has been installed successfully. Otherwise, there may be other issues such as certificates or networking that need to be checked.

The above is how to install SSL certificate in Golang. In actual work, method 1 is more common, because there is usually a system administrator responsible for maintaining the system certificate database. The second method is suitable for some special situations.

The above is the detailed content of golang install certificate. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to download golangNext article:How to download golang