Godaddy与GoLang的ssl证书 [英] godaddy's ssl certificate with GoLang
问题描述
目前我正在使用以下代码:
srv:=& http.Server {
Addr:httpsPortStr,
Handler:n,
ReadTimeout:time.Duration (config.CfgIni.ReadTimeout)* time.Second,
WriteTimeout:time.Duration(config.CfgIni.WriteTimeout)* time.Second,
}
err:= srv.ListenAndServeTLS(< ; CERTIFICATE_FILE>,< PRIVATE_KEY_FILE>)
我还有 sf_bundle-g2 -g1.crt
。如何将它添加到证书链中?
更新
@ Vonc的答案非常有用,我我只想念最后一件事。
我使用http.Server实例来更改ReadTimeout和WriteTimeout参数。
我以前的代码为:
srv:=& http.Server {
Addr:httpsPortStr,
Handler:n,
ReadTimeout:time.Duration(config.CfgIni.ReadTimeout)* time.Second,
WriteTimeout:time.Duration(config.CfgIni.WriteTimeout)* time.Second,
}
err:= srv.ListenAndServeTLS(config.CfgIni.CertificateFile,config.CfgIni.PrivateKeyFile)
谢谢!
file-server-go
部分。 > 应该在
x509中加载证书链。 NewCertPool()
cert,err:= tls.LoadX509KeyPair(certs / server.pem, )
if err!= nil {
log.Fatalf(server:loadkeys:%s,err)
}
certpool := x509.NewCertPool()
pem,err:= ioutil.ReadFile(certs / ca.pem)
if err!= nil {
log.Fatalf(Failed to read客户端证书颁发机构:%v,err)
}
if!certpool.AppendCertsFromPEM(pem){
log.Fatalf(无法解析客户端证书颁发机构)
}
config:= tls.Config {
证书:[] tls.Certificate {cert},
ClientAuth:tls.RequireAndVerifyClientCert,
ClientCAs:certpool,
}
config.Rand = rand.Reader
service:=0.0.0.0:8000
listener,err:= tls.Listen(tcp,service,& config)
在你的情况下, ioutil.ReadFile(sf_bundle-g2- g1.crt)
。
我使用http.Server实例来更改ReadTimeout和WriteTimeout参数
server:=& http.Server {
Addr:0.0.0.0:8000,
TLSConfig:tlsConfig,
ReadTimeout:time.Duration //超时读取请求前的最大持续时间,
WriteTimeout:time.Duration //超时前写入响应的最大持续时间
}
(用实际时间替换 time.Duration
)
然后:
err:= server.ListenAndServeTLS(certFile,keyFile string)
pre>
log.Fatal(err)
注意
ListenAndServeTLS
总是返回一个非零错误。I'm wondering how to use godaddy's ssl certificate with GoLang Https server.
currently I'm using the following code:
srv := &http.Server{ Addr: httpsPortStr, Handler: n, ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second, WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second, } err := srv.ListenAndServeTLS(<CERTIFICATE_FILE>,<PRIVATE_KEY_FILE>)
I still have
sf_bundle-g2-g1.crt
. how do I add it to the chain of certificates ?update
@Vonc's answer is really helpful, i'm just missing one last thing. I'm using http.Server instance in order to change ReadTimeout and WriteTimeout parameters. how can I do this with the tls ?
My previous code for this:
srv := &http.Server{ Addr: httpsPortStr, Handler: n, ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second, WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second, } err := srv.ListenAndServeTLS(config.CfgIni.CertificateFile,config.CfgIni.PrivateKeyFile)
thanks!
解决方案You can see a full example here in the
file-server-go
section.
The chain of certificate should be loaded in ax509.NewCertPool()
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key") if err != nil { log.Fatalf("server: loadkeys: %s", err) } certpool := x509.NewCertPool() pem, err := ioutil.ReadFile("certs/ca.pem") if err != nil { log.Fatalf("Failed to read client certificate authority: %v", err) } if !certpool.AppendCertsFromPEM(pem) { log.Fatalf("Can't parse client certificate authority") } config := tls.Config{ Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: certpool, } config.Rand = rand.Reader service := "0.0.0.0:8000" listener, err := tls.Listen("tcp", service, &config)
In your case,
ioutil.ReadFile("sf_bundle-g2-g1.crt")
.I'm using http.Server instance in order to change ReadTimeout and WriteTimeout parameters
server := &http.Server{ Addr: "0.0.0.0:8000", TLSConfig: tlsConfig, ReadTimeout: time.Duration // maximum duration before timing out read of the request, WriteTimeout: time.Duration // maximum duration before timing out write of the response }
(replace
time.Duration
with the actual time)Then:
err := server.ListenAndServeTLS(certFile, keyFile string) log.Fatal(err)
Note
ListenAndServeTLS
always returns a non-nil error.这篇关于Godaddy与GoLang的ssl证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!