我想知道如何在GoLang Https服务器上使用godaddy的ssl证书。
目前我正在使用以下代码:
srv := &http.Server{
Addr: httpsPortStr,
Handler: n,
ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second,
WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second,
}
err := srv.ListenAndServeTLS(<CERTIFICATE_FILE>,<PRIVATE_KEY_FILE>)
我还有sf_bundle-g2-g1.crt。如何将其添加到证书链?
@ Vonc的回答非常有帮助,我最后遗漏了一件事。 我使用http.Server实例来更改ReadTimeout和WriteTimeout参数。我怎么能用tls做到这一点?
我之前的代码:
srv := &http.Server{
Addr: httpsPortStr,
Handler: n,
ReadTimeout: time.Duration(config.CfgIni.ReadTimeout) * time.Second,
WriteTimeout: time.Duration(config.CfgIni.WriteTimeout) * time.Second,
}
err := srv.ListenAndServeTLS(config.CfgIni.CertificateFile,config.CfgIni.PrivateKeyFile)
谢谢!
答案 0 :(得分:3)
您可以在full example here部分看到file-server-go
证书链应加载到x509.NewCertPool()
cert, err := tls.LoadX509KeyPair("certs/server.pem", "certs/server.key")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
certpool := x509.NewCertPool()
pem, err := ioutil.ReadFile("certs/ca.pem")
if err != nil {
log.Fatalf("Failed to read client certificate authority: %v", err)
}
if !certpool.AppendCertsFromPEM(pem) {
log.Fatalf("Can't parse client certificate authority")
}
config := tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: certpool,
}
config.Rand = rand.Reader
service := "0.0.0.0:8000"
listener, err := tls.Listen("tcp", service, &config)
在您的情况下,ioutil.ReadFile("sf_bundle-g2-g1.crt")。
我正在使用http.Server实例来更改ReadTimeout和WriteTimeout参数
server := &http.Server{
Addr: "0.0.0.0:8000",
TLSConfig: tlsConfig,
ReadTimeout: time.Duration // maximum duration before timing out read of the request,
WriteTimeout: time.Duration // maximum duration before timing out write of the response
}
(用实际时间替换time.Duration)
然后:
err := server.ListenAndServeTLS(certFile, keyFile string)
log.Fatal(err)
注意ListenAndServeTLS始终返回非零错误。