Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
211 views
in Technique by (71.8m points)

go - How to trust self-signed certificate

As the title says, is there a way to trust a self-signed certificate in Go? Scenario description: I set up an HTTPS server which uses a self-signed certificate. When I want to call this server with a Go client, Go needs to trust this self-signed certificate.

question from:https://stackoverflow.com/questions/66056820/how-to-trust-self-signed-certificate


1 Answer

0 votes
by (71.8m points)

Trusting a self-signed certificate (which the server presents itself with) means that the HTTPS client must be able to verify that the self-signed certificate was issued by a trusted authority - that is, the CA used to sign the server certificate needs to be verified by the client against the list of trusted CAs. This list can either be managed by the client itself, or the client might leverage the operating system's trusted CA store to get this list.

The first option, where the client trusts an extra CA not trusted by the operating system, can be achieved by getting the operating system's trusted certs and appending the extra CA cert to them, like this:

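    // imports needed: crypto/tls, crypto/x509, log, net/http
    // cert holds the PEM-encoded CA certificate to trust.
    rootCAs, err := x509.SystemCertPool()
    if err != nil || rootCAs == nil {
        // no usable system pool: start from an empty one
        rootCAs = x509.NewCertPool()
    }
    if ok := rootCAs.AppendCertsFromPEM(cert); !ok {
        log.Fatal("failed to append CA certificate from PEM")
    }

    config := &tls.Config{
        // *insecure is a bool flag defined elsewhere; leave it false,
        // otherwise the server certificate is not verified at all
        InsecureSkipVerify: *insecure,
        RootCAs:            rootCAs,
    }
    tr := &http.Transport{TLSClientConfig: config}
    client := &http.Client{Transport: tr}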

The second option depends on the operating system (you don't specify which OS you are working on). On Linux, for example, Go looks for trusted CAs in these locations, so you need to install the CA used to sign the server certificate there (this differs by OS or even by distribution of the OS - you will find how to do that in the OS documentation).
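The first option as a complete program, added here as an example and not part of the original answer: it shows the same HTTPS request failing with system CAs only and succeeding once the server's certificate is appended to the pool, with verification left on. The names `newClient`, `get` and `demo` are hypothetical, and the self-signed test certificate built into `net/http/httptest` stands in for the asker's server certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient (hypothetical helper) trusts system CAs plus the PEM certs in extraPEM.
func newClient(extraPEM []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no usable system store: start empty
	}
	if len(extraPEM) > 0 && !pool.AppendCertsFromPEM(extraPEM) {
		return nil, fmt.Errorf("no certificate found in PEM input")
	}
	// InsecureSkipVerify is left at its default (false), so the chain is checked.
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// get reports whether a verified HTTPS GET to url succeeds.
func get(url string, extraPEM []byte) bool {
	c, err := newClient(extraPEM)
	if err != nil {
		return false
	}
	resp, err := c.Get(url)
	if err != nil {
		return false // e.g. x509: certificate signed by unknown authority
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK
}

// demo runs a local TLS server (constructed test setup) and tries it
// without, then with, the server certificate added to the trust pool.
func demo() (without, with bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	return get(srv.URL, nil), get(srv.URL, certPEM)
}

func main() { fmt.Println(demo()) }
```

In a real client the PEM bytes would be read from the certificate file distributed with the server rather than taken from the server object.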

