
Is it possible to host multiple domain TLS in golang with net/http?

Tags: https, go, http2

I have multiple domains (let's say abc.com and xyz.org) with different certificates. Is it possible to use the key and certificate based on hostname without going deep into low level, net.Listen, etc., just using simple http.ListenAndServeTLS(...) or similar? Basically like what nginx does.

Ostad asked Feb 26 '16 01:02




1 Answer

BuildNameToCertificate() will sniff the hostname from the cert. If none matches the SNI info, it serves the [0]. https://golang.org/src/crypto/tls/common.go?s=18204:18245#L947

Update for Go 1.14 - see https://github.com/golang/go/commit/eb93c684d40de4924fc0664d7d9e98a84d5a100b

```go
package main

import (
    "crypto/tls"
    "log"
    "net/http"
    "time"
)

func myHandler(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("tls"))
}

func main() {
    var err error
    tlsConfig := &tls.Config{}
    tlsConfig.Certificates = make([]tls.Certificate, 3)
    // go http server treats the 0'th key as a default fallback key
    // (served when no certificate matches the SNI the client sent)
    tlsConfig.Certificates[0], err = tls.LoadX509KeyPair("test0.pem", "key.pem")
    if err != nil {
        log.Fatal(err) // package-level logger; a zero-value log.Logger{} has no output writer
    }
    tlsConfig.Certificates[1], err = tls.LoadX509KeyPair("test1.pem", "key.pem")
    if err != nil {
        log.Fatal(err)
    }
    tlsConfig.Certificates[2], err = tls.LoadX509KeyPair("test2.pem", "key.pem")
    if err != nil {
        log.Fatal(err)
    }

    // as of go 1.14 this line is no longer needed: the names in the loaded
    // certificates are matched against the SNI automatically, so
    // load the certs as above and skip BuildNameToCertificate()
    tlsConfig.BuildNameToCertificate()

    http.HandleFunc("/", myHandler)
    server := &http.Server{
        ReadTimeout:    10 * time.Second,
        WriteTimeout:   10 * time.Second,
        MaxHeaderBytes: 1 << 20,
        TLSConfig:      tlsConfig,
    }

    // Serve on a tls.Listener speaks HTTPS/1.1 only; server.ListenAndServeTLS("", "")
    // with an Addr set would also use TLSConfig.Certificates and enable HTTP/2.
    listener, err := tls.Listen("tcp", ":8443", tlsConfig)
    if err != nil {
        log.Fatal(err)
    }
    log.Fatal(server.Serve(listener))
}
```
foo answered Dec 10 '22 09:12
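As an added, self-contained example (not the poster's code) of the per-hostname selection the answer describes, this Go program uses tls.Config.GetCertificate to pick a certificate by SNI with an explicit fallback, generates constructed self-signed test certificates in memory instead of the test0.pem/key.pem files, and checks over an in-memory pipe which certificate a handshake with a given SNI actually receives. The names selfSigned, sniConfig and servedName are chosen here; the InsecureSkipVerify on the checking client exists only because the peer is a constructed self-signed certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"strings"
	"time"
)

// selfSigned builds a constructed, in-memory self-signed cert for host (test data, no .pem files needed).
func selfSigned(host string) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, err
}

// sniConfig selects the cert by the SNI name the client sent; unknown or absent names get def (the Certificates[0] role).
func sniConfig(byHost map[string]*tls.Certificate, def *tls.Certificate) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12,
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if c, ok := byHost[strings.ToLower(h.ServerName)]; ok { // SNI names are case-insensitive
				return c, nil
			}
			return def, nil
		}}
}

// servedName handshakes once against cfg over an in-memory pipe with the given SNI and returns the chosen cert's CommonName.
func servedName(cfg *tls.Config, sni string) (string, error) {
	srvCfg := cfg.Clone()
	srvCfg.SessionTicketsDisabled = true // tickets the server writes after Finished would stall the synchronous net.Pipe
	sRaw, cRaw := net.Pipe()
	defer cRaw.Close() // also unblocks the server goroutine
	go tls.Server(sRaw, srvCfg).Handshake() // a server-side failure surfaces as a client error below
	cli := tls.Client(cRaw, &tls.Config{ServerName: sni, InsecureSkipVerify: true}) // test-only: self-signed peer
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return cli.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```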