https://tech.uvoo.io/index.php?action=history&feed=atom&title=Go_certificate_example_1
Go certificate example 1 - Revision history
2026-04-20T14:55:02Z
Revision history for this page on the wiki
MediaWiki 1.35.2
https://tech.uvoo.io/index.php?title=Go_certificate_example_1&diff=4807&oldid=prev
Busk: Created page with "https://gist.github.com/shaneutt/5e1995295cff6721c89a71d13a71c251 ``` package main import ( "bytes" "crypto/rand" "crypto/rsa" "crypto/tls" "crypto/x509" "crypto/x509/p..."
2023-12-19T22:46:24Z
<p>Created page with "https://gist.github.com/shaneutt/5e1995295cff6721c89a71d13a71c251 ``` package main import ( "bytes" "crypto/rand" "crypto/rsa" "crypto/tls" "crypto/x509" "crypto/x509/p..."</p>
<p><b>New page</b></p><div>https://gist.github.com/shaneutt/5e1995295cff6721c89a71d13a71c251<br />
```<br />
package main<br />
<br />
import (<br />
"bytes"<br />
"crypto/rand"<br />
"crypto/rsa"<br />
"crypto/tls"<br />
"crypto/x509"<br />
"crypto/x509/pkix"<br />
"encoding/pem"<br />
"fmt"<br />
"io/ioutil"<br />
"math/big"<br />
"net"<br />
"net/http"<br />
"net/http/httptest"<br />
"strings"<br />
"time"<br />
)<br />
<br />
func main() {<br />
// get our ca and server certificate<br />
serverTLSConf, clientTLSConf, err := certsetup()<br />
if err != nil {<br />
panic(err)<br />
}<br />
<br />
// set up the httptest.Server using our certificate signed by our CA<br />
server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {<br />
fmt.Fprintln(w, "success!")<br />
}))<br />
server.TLS = serverTLSConf<br />
server.StartTLS()<br />
defer server.Close()<br />
<br />
// communicate with the server using an http.Client configured to trust our CA<br />
transport := &http.Transport{<br />
TLSClientConfig: clientTLSConf,<br />
}<br />
http := http.Client{<br />
Transport: transport,<br />
}<br />
resp, err := http.Get(server.URL)<br />
if err != nil {<br />
panic(err)<br />
}<br />
<br />
// verify the response<br />
respBodyBytes, err := ioutil.ReadAll(resp.Body)<br />
if err != nil {<br />
panic(err)<br />
}<br />
body := strings.TrimSpace(string(respBodyBytes[:]))<br />
if body == "success!" {<br />
fmt.Println(body)<br />
} else {<br />
panic("not successful!")<br />
}<br />
}<br />
<br />
func certsetup() (serverTLSConf *tls.Config, clientTLSConf *tls.Config, err error) {<br />
// set up our CA certificate<br />
ca := &x509.Certificate{<br />
SerialNumber: big.NewInt(2019),<br />
Subject: pkix.Name{<br />
Organization: []string{"Company, INC."},<br />
Country: []string{"US"},<br />
Province: []string{""},<br />
Locality: []string{"San Francisco"},<br />
StreetAddress: []string{"Golden Gate Bridge"},<br />
PostalCode: []string{"94016"},<br />
},<br />
NotBefore: time.Now(),<br />
NotAfter: time.Now().AddDate(10, 0, 0),<br />
IsCA: true,<br />
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},<br />
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,<br />
BasicConstraintsValid: true,<br />
}<br />
<br />
// create our private and public key<br />
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)<br />
if err != nil {<br />
return nil, nil, err<br />
}<br />
<br />
// create the CA<br />
caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)<br />
if err != nil {<br />
return nil, nil, err<br />
}<br />
<br />
// pem encode<br />
caPEM := new(bytes.Buffer)<br />
pem.Encode(caPEM, &pem.Block{<br />
Type: "CERTIFICATE",<br />
Bytes: caBytes,<br />
})<br />
<br />
caPrivKeyPEM := new(bytes.Buffer)<br />
pem.Encode(caPrivKeyPEM, &pem.Block{<br />
Type: "RSA PRIVATE KEY",<br />
Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),<br />
})<br />
<br />
// set up our server certificate<br />
cert := &x509.Certificate{<br />
SerialNumber: big.NewInt(2019),<br />
Subject: pkix.Name{<br />
Organization: []string{"Company, INC."},<br />
Country: []string{"US"},<br />
Province: []string{""},<br />
Locality: []string{"San Francisco"},<br />
StreetAddress: []string{"Golden Gate Bridge"},<br />
PostalCode: []string{"94016"},<br />
},<br />
IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},<br />
NotBefore: time.Now(),<br />
NotAfter: time.Now().AddDate(10, 0, 0),<br />
SubjectKeyId: []byte{1, 2, 3, 4, 6},<br />
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},<br />
KeyUsage: x509.KeyUsageDigitalSignature,<br />
}<br />
<br />
certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)<br />
if err != nil {<br />
return nil, nil, err<br />
}<br />
<br />
certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)<br />
if err != nil {<br />
return nil, nil, err<br />
}<br />
<br />
certPEM := new(bytes.Buffer)<br />
pem.Encode(certPEM, &pem.Block{<br />
Type: "CERTIFICATE",<br />
Bytes: certBytes,<br />
})<br />
<br />
certPrivKeyPEM := new(bytes.Buffer)<br />
pem.Encode(certPrivKeyPEM, &pem.Block{<br />
Type: "RSA PRIVATE KEY",<br />
Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),<br />
})<br />
<br />
serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivKeyPEM.Bytes())<br />
if err != nil {<br />
return nil, nil, err<br />
}<br />
<br />
serverTLSConf = &tls.Config{<br />
Certificates: []tls.Certificate{serverCert},<br />
}<br />
<br />
certpool := x509.NewCertPool()<br />
certpool.AppendCertsFromPEM(caPEM.Bytes())<br />
clientTLSConf = &tls.Config{<br />
RootCAs: certpool,<br />
}<br />
<br />
return<br />
}<br />
```</div>
Busk