
http.ListenAndServeTLS with multiple certificates

Tags: https, ssl, go

How do I ListenAndServeTLS with multiple domains? I see the function accepts a cert and key file, but I believe the key file may only contain a single private key. I have a few private keys, for different certificate chains.

Matt Joiner asked Aug 24 '15 05:08


1 Answer

http.ListenAndServeTLS is meant to present a bare minimal configuration. If you want to add other options, you can create an http.Server with a custom tls.Config. You can then either manually map names in tls.Config.NameToCertificate, or call BuildNameToCertificate() to build the map programmatically.

You can still use Server.ListenAndServeTLS, however, since it will load the certs in the config as well as a cert passed in via the method's args.

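package main

import (
    "crypto/tls"
    "log"
    "net/http"
)

func main() {
    // myHandler stands in for the application's own http.Handler.
    myHandler := http.NewServeMux()

    cfg := &tls.Config{}

    cert, err := tls.LoadX509KeyPair("cert_one.pem", "key_one.pem")
    if err != nil {
        log.Fatal(err)
    }

    cfg.Certificates = append(cfg.Certificates, cert)
    // keep adding remaining certs to cfg.Certificates

    // Build the name -> certificate map from the loaded certificates.
    // (Deprecated since Go 1.14, where crypto/tls selects from Certificates itself.)
    cfg.BuildNameToCertificate()

    server := http.Server{
        Addr:      "127.0.0.1:443",
        Handler:   myHandler,
        TLSConfig: cfg,
    }

    // Empty cert/key arguments: the certificates come from TLSConfig.
    log.Fatal(server.ListenAndServeTLS("", ""))
}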
JimB answered Sep 28 '22 01:09
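With several certificates in one tls.Config, crypto/tls serves the first entry of Certificates when the client's SNI name matches none of them. The added example below (not code from the answer) sets tls.Config.GetCertificate to a selector that refuses the handshake in that case. The names selfSigned and strictSNI and the *.example.test hosts are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway certificate for one DNS name (constructed
// sample input; a real server would call tls.LoadX509KeyPair per chain).
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// strictSNI returns a GetCertificate callback that serves a certificate only
// when its leaf is valid for the requested name; any other name is an error.
func strictSNI(certs []tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		for i := range certs {
			if certs[i].Leaf != nil && certs[i].Leaf.VerifyHostname(hello.ServerName) == nil {
				return &certs[i], nil
			}
		}
		return nil, fmt.Errorf("no certificate for server name %q", hello.ServerName)
	}
}

func main() {
	a, _ := selfSigned("a.example.test")
	b, _ := selfSigned("b.example.test")
	cfg := &tls.Config{GetCertificate: strictSNI([]tls.Certificate{a, b})}
	_, err := cfg.GetCertificate(&tls.ClientHelloInfo{ServerName: "c.example.test"})
	fmt.Println(err) // the unlisted name gets an error, not a default cert
}
```

A config built this way can be passed as TLSConfig to the http.Server above, and ListenAndServeTLS("", "") accepts it because GetCertificate is set.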