How to send a https request with a certificate golang

You need to add the CA of your certificate to your transport, like:

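package main

import (
    "crypto/tls"
    "crypto/x509"
    "log"
    "net/http"
    "os"
)

func main() {
    // Load the PEM-encoded CA certificate that signed the server's certificate.
    caCert, err := os.ReadFile("rootCA.crt")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool := x509.NewCertPool()
    if !caCertPool.AppendCertsFromPEM(caCert) {
        log.Fatal("no PEM certificates found in rootCA.crt")
    }

    // The client trusts only the CAs in this pool when verifying the server.
    client := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: &tls.Config{
                RootCAs: caCertPool,
            },
        },
    }

    resp, err := client.Get("https://secure.domain.com")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
}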

But I guess you just haven't created a CA to make your certificates. Here is a list of commands, without explanation, which can help you make certificates signed with your own CA. For more information, you can Google it.

  1. Generating CA

    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -key rootCA.key -days 3650 -out rootCA.crt
    
  2. Generate certificate for secure.domain.com signed with created CA

    openssl genrsa -out secure.domain.com.key 2048
    openssl req -new -key secure.domain.com.key -out secure.domain.com.csr
    #In answer to question `Common Name (e.g. server FQDN or YOUR name) []:` you should set `secure.domain.com` (your real domain name)
    openssl x509 -req -in secure.domain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -days 365 -out secure.domain.com.crt
    
Author by

codec

Updated on February 02, 2022
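
The outcomes discussed on this page, reproduced offline as an added example (not code from the answer or the comments): a client whose `RootCAs` holds the issuing certificate succeeds, a client without it gets the "certificate signed by unknown authority" error from the question, and a trusted chain is still rejected when the certificate does not cover the expected name. It assumes loopback networking is available; `httptest`'s built-in test certificate stands in for `rootCA.crt`, and the names `fetch`, `classify` and `demo` are made up for the illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch GETs url trusting only roots; a non-empty serverName overrides the name to match (default: URL host).
func fetch(url string, roots *x509.CertPool, serverName string) error {
	cfg := &tls.Config{RootCAs: roots, ServerName: serverName}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// classify names the certificate verification failure behind err, if any.
func classify(err error) string {
	var unknownCA x509.UnknownAuthorityError
	var badName x509.HostnameError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &unknownCA):
		return "unknown authority"
	case errors.As(err, &badName):
		return "hostname mismatch"
	}
	return "other: " + err.Error()
}

// demo runs three clients against a local TLS server that uses httptest's constructed certificate.
func demo() (trusted, untrusted, wrongName string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // stands in for loading rootCA.crt
	return classify(fetch(srv.URL, pool, "")), // issuer in RootCAs
		classify(fetch(srv.URL, x509.NewCertPool(), "")), // issuer missing from RootCAs
		classify(fetch(srv.URL, pool, "secure.domain.com")) // certificate does not cover this name
}

func main() { fmt.Println(demo()) }
```

The third case fails even though the chain is trusted, because the client also checks that the certificate covers the name it expects to reach.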

Comments

  • codec
    codec over 2 years

    I have a server which has a REST API running over HTTPS. I want to make a call to this REST API in my application, which is running on a different port, but since this is over HTTPS I am getting

    Post https://localhost:8080/api/v1/myapi: x509: certificate signed by unknown authority
    

    I have 2 files, pulic_key.pem and private_key, which can be used to verify the certificate. How can I verify the certificate while sending a REST request using golang? I am using &http.Client{} to send a REST request. Here is what I am doing to ignore the certificate right now.

    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }
    
    client := &http.Client{Transport: tr}
    
  • Eddy Hernandez
    Eddy Hernandez over 6 years
    If I understand correctly if you add InsecureSkipVerify you allow the client to verify the server's certificate instead of yours, and your caCertPool is ignored. Please correct me if I'm wrong.
  • Eddy Hernandez
    Eddy Hernandez over 6 years
    I think ServerName is required in &tls.Config{}
  • Scott Stensland
    Scott Stensland almost 6 years
    this code runs fine so when hitting a domain using letsencrypt just give it your public key cert.pem file
  • Brent Bradburn
    Brent Bradburn over 4 years
    Use SystemCertPool instead of NewCertPool to keep existing certs.
  • Mohamed Elbahja
    Mohamed Elbahja almost 4 years
    How can you verify that your response is actually from "example.com" and not hijacked?
  • infiniteLearner
    infiniteLearner almost 3 years
    Using Wireshark.