Difference between revisions of "Go openssl http api"

From UVOO Tech Wiki
Jump to navigation Jump to search
 
Line 8: Line 8:
 
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth"
 
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth"
  
 +
```
 +
 +
```
 +
serverAuth: This indicates that the certificate can be used for server authentication.
 +
clientAuth: This indicates that the certificate can be used for client authentication.
 +
codeSigning: This indicates that the certificate can be used for code signing.
 +
emailProtection: This indicates that the certificate can be used for email protection (S/MIME).
 +
timeStamping: This indicates that the certificate can be used for timestamping.
 +
ocspSigning: This indicates that the certificate can be used for OCSP (Online Certificate Status Protocol) signing.
 +
anyExtendedKeyUsage: This indicates that the certificate can be used for any extended key usage purpose.
 +
You can specify multiple usages by separating them with commas in the extendedKeyUsage extension field. For example, to allow both server authentication and client authentication, you would use extendedKeyUsage = serverAuth,clientAuth.
 
```
 
```
  

Latest revision as of 15:07, 4 May 2024

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "subjectAltName = DNS:example.com,DNS:www.example.com,IP:192.168.1.2"


openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=example.com" -addext "extendedKeyUsage = clientAuth"

serverAuth: This indicates that the certificate can be used for server authentication.
clientAuth: This indicates that the certificate can be used for client authentication.
codeSigning: This indicates that the certificate can be used for code signing.
emailProtection: This indicates that the certificate can be used for email protection (S/MIME).
timeStamping: This indicates that the certificate can be used for timestamping.
ocspSigning: This indicates that the certificate can be used for OCSP (Online Certificate Status Protocol) signing.
anyExtendedKeyUsage: This indicates that the certificate can be used for any extended key usage purpose.
You can specify multiple usages by separating them with commas in the extendedKeyUsage extension field. For example, to allow both server authentication and client authentication, you would use extendedKeyUsage = serverAuth,clientAuth.
package main

import (
    "fmt"
    "io/ioutil"
    "net/http"
    "os"
    "os/exec"

    "github.com/labstack/echo/v4"
)

func main() {
    e := echo.New()

    e.POST("/generate-certificate", func(c echo.Context) error {
        // Generate a self-signed certificate using OpenSSL
        cmd := exec.Command("openssl", "req", "-x509", "-newkey", "rsa:4096", "-keyout", "key.pem", "-out", "cert.pem", "-days", "365", "-subj", "/CN=example.com")
        output, err := cmd.CombinedOutput()
        if err != nil {
            return c.String(http.StatusInternalServerError, fmt.Sprintf("Error generating certificate: %s", err))
        }
        return c.String(http.StatusOK, fmt.Sprintf("Certificate generated successfully:\n%s", output))
    })

    e.GET("/get-certificate/:filename", func(c echo.Context) error {
        // Serve generated certificate files
        filename := c.Param("filename")
        c.Response().Header().Set(echo.HeaderContentType, "application/x-pem-file")
        return c.File(filename)
    })

    e.Start(":8080")
}