How to send a https request with a certificate gol

2020-02-08 06:03发布

站内问答 / Go
1144 3 4

I have a server which has a rest API running over https. I want to make a call to this rest api in my application which is running in different port but since this is over https I am getting 

Post https://localhost:8080/api/v1/myapi: x509: certificate signed by unknown authority

I have 2 files pulic_key.pem and private_key which can used to verify the certificate. How can verify certificate while sending rest request using golang? I am using &http.Client{} to send a rest request. Here is what I am doing to ignore the certificate right now.

tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

client := &http.Client{Transport: tr}

标签: rest ssl go
举报
3条回答
时光不老,我们不散
2楼-- · 2020-02-08 06:43

If the certificate is self-signed, you must add this option :

TLSClientConfig: &tls.Config{
   RootCAs:      caCertPool,
   InsecureSkipVerify: true,
},
查看更多
0人赞 添加讨论(0) 举报
劳资没心,怎么记你
3楼-- · 2020-02-08 07:01

You need to add CA of your certificate to your transport like:

package main

import (
    "crypto/tls"
    "io/ioutil"
    "log"
    "net/http"
    "crypto/x509"
)

func main() {
    caCert, err := ioutil.ReadFile("rootCA.crt")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs:      caCertPool,
            },
        },
    }

    _, err := client.Get("https://secure.domain.com")
    if err != nil {
        panic(err)
    }
}

But I guess you just haven't created CA to make your certificates. Here is the list of commands without explanation which can help you to make certificates signed with your own CA. For more information, you can Google it.

  1. Generating CA

    openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt

  2. Generate certificate for secure.domain.com signed with created CA

    openssl genrsa -out secure.domain.com.key 2048
openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
#In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt
查看更多
0人赞 添加讨论(0) 举报
来,给爷笑一个
4楼-- · 2020-02-08 07:07 
package main

import "crypto/tls"
import . "fmt"
import "io/ioutil"
import "net/http"
import "log"

func main(){
    // InsecureSkipVerify: true  ## thats what you need
    c:=&http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                InsecureSkipVerify: true,
            },
        },
    }
    html,err:=c.Get("http://google.com");if err!=nil{log.Fatal(err)}
    website,err:=ioutil.ReadAll(html.Body);if err!=nil{log.Fatal(err)}
    html.Body.Close()
    Print(string(website))
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)