How to set up HTTPS on golang web server?
Matthew Martinez
I'm reading and bought an SSL certificate from Comodo which they emailed me a .zip file. All of the files I have so far look like this
csr.pem
private-key.pem
website.com.crt
website.com.ca-bundle
website.com.zip
The above website wants me to concatenate 3 .pem files which I don't have. Incidentally, what is the reason the .pem files need to be concatenated? Using the above files, which haven't been modified, how can HTTPS be set up on a golang webserver?
5 Answers
Use
http.HandleFunc("/", handler)
log.Printf("About to listen on 10443. Go to ")
err := http.ListenAndServeTLS(":10443", "full-cert.crt", "private-key.key", nil)
log.Fatal(err)
For Go you need one certificate file (containing one or more certs, starting with yours) and one private key file (containing one private key).
This isn't really a go question, but the intermediate certs are required because computers only store root certs. By concatenating them you put them all in one file so the browser gets all certs - this is a required step otherwise your server will fail on certain devices. Your cert provider will provide instructions for doing this.
To combine the certs you can just use cat (making sure they have a line feed at the end of the file first), something like:
cat example.com.ca-crt example.com.ca-bundle > example.com.crt
2
You need http.ListenAndServeTLS
package main

import (
	// "fmt"
	// "io"
	"log"
	"net/http"
)

func HelloServer(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("This is an example server.\n"))
	// fmt.Fprintf(w, "This is an example server.\n")
	// io.WriteString(w, "This is an example server.\n")
}

func main() {
	http.HandleFunc("/hello", HelloServer)
	err := http.ListenAndServeTLS(":443", "server.crt", "server.key", nil)
	if err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}
Here’s a snippet:
2
Here is my finding and I would like to share because it took me a few hours as all available installation guides were for Nginx and Apache HTTP configurations, not for the Golang Web Server.
Environments:
- SSL certificate from Comodo / Sectigo
- Gin-gonic as middleware
Issue:
- It was working fine on Chrome/Firefox on Mac but was giving me a CORS error on Windows Firefox. Later, it was found that it was not really a CORS related matter, and I diagnosed my ubuntu server of the SSL validity by using . The result was, "The certificate is not signed by a trusted authority (checking against Mozilla's root store)".
Solution:
The solution is to concatenate the following certificates by using a text editor and name it as you'd like. I saved it as "my_domain.txt".
- my_domain.ca-bundle (which includes one root and two intermediate certs)
- my_domain.crt (the main cert for my domain)
Then run it like this,
router.RunTLS(":"+os.Getenv("PORT"), "../my_domain.txt", "../my_private_key.txt")
Hope it helped!
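Added example, not code from any of the answers: a Go check for the concatenated certificate file the answers above discuss, confirming that it starts with the server certificate ("starting with yours", as the first answer puts it) and that each certificate is signed by the one after it. The CA and leaf certificates are constructed in memory for the demonstration, and `checkChainOrder` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkChainOrder requires the leaf first and each cert signed by the next one.
func checkChainOrder(bundle []byte) error {
	var certs []*x509.Certificate
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return err
		}
		certs = append(certs, c)
	}
	if len(certs) == 0 || certs[0].IsCA {
		return fmt.Errorf("file must start with the server certificate")
	}
	for i := 0; i+1 < len(certs); i++ {
		if err := certs[i].CheckSignatureFrom(certs[i+1]); err != nil {
			return fmt.Errorf("cert %d is not signed by cert %d: %w", i, i+1, err)
		}
	}
	return nil
}

// demo builds a constructed CA and leaf in memory and checks both file orders.
func demo() (leafFirst, bundleFirst error) {
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed CA"}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "website.com"}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	toPEM := func(der []byte, _ error) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}) }
	caPEM := toPEM(x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey))
	leafPEM := toPEM(x509.CreateCertificate(rand.Reader, leaf, ca, leafPub, caKey))
	return checkChainOrder(append(leafPEM, caPEM...)), checkChainOrder(append(caPEM, leafPEM...))
}

func main() { fmt.Println(demo()) }
```

To check a real file, pass the bytes from `os.ReadFile` on the concatenated certificate file to `checkChainOrder` before handing the path to `http.ListenAndServeTLS`.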
If you are using the Go language gin library, then use this to replace
r.run
Here
server.pem = Your SSL intermediate Root CA Certificate.
server.key = Your SSL Key File.
:8080 = Your Listen port.
r.RunTLS(":8080", "./testdata/server.pem", "./testdata/server.key")
The library abstracts away the whole concept of keys and certificates. All you need is for the server to be reachable by the hostname (i.e. your DNS must point yourdomain.com to your-public-ip). You can even disable SSL for local development as follows:
ss, err := sslmgr.NewServer(sslmgr.ServerConfig{
	Hostnames: []string{os.Getenv("yourdomain.com")},
	Handler:   h,
	ServeSSLFunc: func() bool {
		return strings.ToLower(os.Getenv("PROD")) == "true"
	},
})
if err != nil {
	log.Fatal(err)
}
ss.ListenAndServe()