Difference between revisions of "Go openssl http api"
Line 8: | Line 8: | ||
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth" | openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth" | ||
+ | ``` | ||
+ | |||
+ | ``` | ||
+ | serverAuth: This indicates that the certificate can be used for server authentication. | ||
+ | clientAuth: This indicates that the certificate can be used for client authentication. | ||
+ | codeSigning: This indicates that the certificate can be used for code signing. | ||
+ | emailProtection: This indicates that the certificate can be used for email protection (S/MIME). | ||
+ | timeStamping: This indicates that the certificate can be used for timestamping. | ||
+ | ocspSigning: This indicates that the certificate can be used for OCSP (Online Certificate Status Protocol) signing. | ||
+ | anyExtendedKeyUsage: This indicates that the certificate can be used for any extended key usage purpose. | ||
+ | You can specify multiple usages by separating them with commas in the extendedKeyUsage extension field. For example, to allow both server authentication and client authentication, you would use extendedKeyUsage = serverAuth,clientAuth. | ||
``` | ``` | ||
Latest revision as of 15:07, 4 May 2024
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "subjectAltName = DNS:example.com,DNS:www.example.com,IP:192.168.1.2"
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth"
Values accepted by the extendedKeyUsage extension:
serverAuth: the certificate can be used for server authentication.
clientAuth: the certificate can be used for client authentication.
codeSigning: the certificate can be used for code signing.
emailProtection: the certificate can be used for email protection (S/MIME).
timeStamping: the certificate can be used for timestamping.
ocspSigning (documented by OpenSSL under the short name OCSPSigning): the certificate can be used for OCSP (Online Certificate Status Protocol) signing.
anyExtendedKeyUsage: the certificate can be used for any extended key usage purpose, so it places no restriction on use.
You can specify multiple usages by separating them with commas in the extendedKeyUsage extension field. For example, to allow both server authentication and client authentication, use extendedKeyUsage = serverAuth,clientAuth.
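package main

import (
	"fmt"
	"net/http"
	"os"
	"os/exec"

	"github.com/labstack/echo/v4"
)

// main starts an Echo HTTP server on :8080 with two routes:
//
//   - POST /generate-certificate runs `openssl req -x509` and writes key.pem
//     and cert.pem into the process working directory.
//   - GET /get-certificate/:filename returns a generated certificate file.
//
// Neither route performs authentication, and every POST overwrites the
// previous key.pem/cert.pem, so the service should only be reachable by
// callers that are allowed to replace the key pair.
func main() {
	e := echo.New()

	// Only these names may be downloaded. key.pem is deliberately absent:
	// the private key must never be retrievable over this endpoint.
	downloadable := map[string]bool{"cert.pem": true}

	e.POST("/generate-certificate", func(c echo.Context) error {
		// Generate a self-signed certificate using OpenSSL. All arguments are
		// fixed strings; nothing from the request reaches the command line.
		// The request context is attached so the child process is stopped if
		// the client goes away.
		//
		// NOTE(review): no -noenc/-nodes option is passed, so openssl will ask
		// for a passphrase for key.pem; without a terminal attached this call
		// is expected to fail. Confirm how the key is meant to be protected.
		cmd := exec.CommandContext(c.Request().Context(),
			"openssl", "req", "-x509",
			"-newkey", "rsa:4096",
			"-keyout", "key.pem",
			"-out", "cert.pem",
			"-days", "365",
			"-subj", "/CN=example.com",
		)
		output, err := cmd.CombinedOutput()
		if err != nil {
			// Keep openssl's own diagnostics in the server log; the client
			// only receives the exit error.
			e.Logger.Errorf("openssl req failed: %v: %s", err, output)
			return c.String(http.StatusInternalServerError, fmt.Sprintf("Error generating certificate: %s", err))
		}
		return c.String(http.StatusOK, fmt.Sprintf("Certificate generated successfully:\n%s", output))
	})

	e.GET("/get-certificate/:filename", func(c echo.Context) error {
		// The path parameter is caller-controlled. Passing it to c.File
		// unchecked would let a request name any file the process can read,
		// including key.pem, so it is matched against the allowlist first.
		filename := c.Param("filename")
		if !downloadable[filename] {
			return echo.ErrNotFound
		}
		c.Response().Header().Set(echo.HeaderContentType, "application/x-pem-file")
		return c.File(filename)
	})

	// Report a failed start (for example, the port is already in use) instead
	// of exiting silently with status 0.
	if err := e.Start(":8080"); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}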