I would like to request a certificate from the browser to authenticate members.
In nodejs we have something like http://nategood.com/nodejs-ssl-client-cert-auth-api-rest
I have read some articles about TLS, but I don't really understand how to use it...
Here is a short example of how to require a client certificate. The trick is to manually create and configure the http.Server instead of using the utility routines.
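```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
)

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "Hello cert")
	})

	// Build the server by hand so that a custom tls.Config can be supplied.
	server := &http.Server{
		Addr: ":8090",
		TLSConfig: &tls.Config{
			// Require a client certificate and verify it.
			ClientAuth: tls.RequireAndVerifyClientCert,
		},
	}

	// ListenAndServeTLS only returns on failure; report the error instead of dropping it.
	log.Fatal(server.ListenAndServeTLS("cert.pem", "cert.key"))
}
```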
The important part is the tls.Config struct, which controls the way the server will behave with TLS. The field ClientAuth holds the client certificate policy, in our case: require a client certificate and verify it. Note that other policies are available…
You should also have a look at the ClientCAs field of the same struct, which allows you to use a list of root CAs the client must verify against.
Note: I assume that you are also using a certificate server-side to encrypt the communication. The server.ListenAndServeTLS method still does a lot of the work for you as a side effect. If you don't need it, you will have to dive into this method to do it manually (and use the even-lower-level method server.Serve).