如何使用证书golang发送https请求 [英] How to send a https request with a certificate golang

问题描述

我有一台服务器，它有一个运行在https上的休息API。我想在我的应用程序中调用这个休息API，这是在不同的端口上运行的，但是因为这是https，我得到了

 发布https：// localhost：8080 / api / v1 / myapi：x509：由未知权威机构签署的证书
  

我有2个文件pulic_key.pem和private_key可用于验证证书。如何使用golang发送休息请求时验证证书？我正在使用& http.Client {} 发送休息请求。这是我现在正在做的忽略证书。

  tr：=& http.Transport {
 TLSClientConfig：& tls.Config {InsecureSkipVerify：true}，
} 
 
 client：=& http.Client {Transport：tr} 
  
  
 
 $您需要将证书的CA添加到您的交通工具中，如： 
 
 
  package main 
 
 import（
crypto / tls
io / ioutil
日志
net / http
crypto / x509
）
 
 func main（）{
 caCert，err：= ioutil.ReadFile （rootCA.crt）
 if err！= nil {
 log.Fatal（err）
} 
 caCertPool：= x509.NewCertPool（）
 caCertPool。 AppendCertsFromPEM（caCert）
 
 client：=& http.Client {
 Transport：& http.Transport {
 TLSClientConfig：& tls.Config {
 RootCAs ：caCertPool，
}，
}，
 } 
 
 _，err：= client.Get（https://secure.domain.com）
 if err！= nil {
 panic（err）
 
 
 $ / code> 
但是我想你只是没有创建CA来让你的证书。以下是无需解释的命令列表，可帮助您使用自己的CA签署证书。  
 
 
 
 
 
生成CA 
  openssl genrsa -out rootCA.key 4096 
 openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt 
  secure.domain.com 生成证书
    p> 
 
 
  openssl genrsa -out secure.domain.com.key 2048 
 openssl req -new -key secure.domain.com。 key -out secure.domain.com.csr 
＃回答问题`通用名称（例如服务器FQDN或您的名字）[]：`您应该设置`secure.domain.com`（您的真实域名） 
 openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt 
  
  
 
 
I have a server which has a rest API running over https. I want to make a call to this rest api in my application which is running in different port but since this is over https I am getting 
Post https://localhost:8080/api/v1/myapi: x509: certificate signed by unknown authority
I have 2 files pulic_key.pem and private_key which can used to verify the certificate. How can verify certificate while sending rest request using golang? I am using &http.Client{} to send a rest request. Here is what I am doing to ignore the certificate right now.
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

client := &http.Client{Transport: tr}

解决方案
You need to add CA of your certificate to your transport like:
package main

import (
    "crypto/tls"
    "io/ioutil"
    "log"
    "net/http"
    "crypto/x509"
)

func main() {
    caCert, err := ioutil.ReadFile("rootCA.crt")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    caCertPool.AppendCertsFromPEM(caCert)

    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs:      caCertPool,
            },
        },
    }

    _, err := client.Get("https://secure.domain.com")
    if err != nil {
        panic(err)
    }
}
But I guess you just haven't created CA to make your certificates. Here is the list of commands without explanation which can help you to make certificates signed with your own CA. For more information, you can Google it.

Generating CA
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt

Generate certificate for secure.domain.com signed with created CA
openssl genrsa -out secure.domain.com.key 2048
openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
#In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt



                        
这篇关于如何使用证书golang发送https请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！