
How to send a https request with a certificate golang

Tags: rest, ssl, go

I have a server which has a REST API running over HTTPS. I want to make a call to this REST API in my application, which is running on a different port, but since this is over HTTPS I am getting

    Post https://localhost:8080/api/v1/myapi: x509: certificate signed by unknown authority

I have 2 files, pulic_key.pem and private_key, which can be used to verify the certificate. How can I verify the certificate while sending a REST request using golang? I am using &http.Client{} to send the REST request. Here is what I am doing to ignore the certificate right now.

    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }

    client := &http.Client{Transport: tr}
codec asked Aug 08 '16 06:08




1 Answer

You need to add the CA of your certificate to your transport, like this:

    package main

    import (
        "crypto/tls"
        "crypto/x509"
        "io/ioutil"
        "log"
        "net/http"
    )

    func main() {
        // Load the CA certificate that signed the server's certificate.
        caCert, err := ioutil.ReadFile("rootCA.crt")
        if err != nil {
            log.Fatal(err)
        }
        caCertPool := x509.NewCertPool()
        if !caCertPool.AppendCertsFromPEM(caCert) {
            log.Fatal("no PEM certificates found in rootCA.crt")
        }

        // Verify the server against this CA instead of skipping verification.
        client := &http.Client{
            Transport: &http.Transport{
                TLSClientConfig: &tls.Config{
                    RootCAs: caCertPool,
                },
            },
        }

        resp, err := client.Get("https://secure.domain.com")
        if err != nil {
            panic(err)
        }
        defer resp.Body.Close()
    }

But I guess you just haven't created a CA to make your certificates. Here is a list of commands, without explanation, which can help you make certificates signed with your own CA. For more information, you can Google it.

  1. Generating CA

    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt

  2. Generate certificate for secure.domain.com signed with created CA

    openssl genrsa -out secure.domain.com.key 2048
    openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
    # In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
    openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt
CrazyCrow answered Sep 17 '22 14:09