Skip to content

Instantly share code, notes, and snippets.

@groob

groob/ca-tls-server.md

Last active March 11, 2017 15:46
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save groob/01a40417e0176bd9ea8d473c8e381daa to your computer and use it in GitHub Desktop.
Save groob/01a40417e0176bd9ea8d473c8e381daa to your computer and use it in GitHub Desktop.
Download ZIP
quick CA server
Raw
ca-tls-server.md

create a CA and generate keys

# pull container for https://github.com/rcrowley/certified
docker pull groob/certified:latest
# create CA and intermediary CA; will prompty you for a password
docker run --rm -it --name certified -v $(pwd)/certs:/certified/etc -e GIT_USER=groob -e GIT_EMAIL=groob+github@gmail.com groob/certified certified-ca C="US" ST="NY" L="New York" O="Example" CN="groob-ca"
# create server cert
docker run --rm -it --name certified -v $(pwd)/certs:/certified/etc -e GIT_USER=groob -e GIT_EMAIL=groob+github@gmail.com groob/certified certified CN="servq.groob.io"
# create cert chain as server.crt
cat certs/ssl/certs/servq.groob.io.crt certs/ssl/certs/ca.crt certs/ssl/certs/root-ca.crt > server.crt
# copy the private key
cp certs/ssl/private/servq.groob.io.key server.key


# add root-ca.crt to os x system keychain trusted roots
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" certs/ssl/certs/root-ca.crt

build a go server

package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
)

func handle(w http.ResponseWriter, r *http.Request) {
	dump, err := httputil.DumpRequest(r, true)
	if err != nil {
		log.Println(err)
		return
	}
	fmt.Println(string(dump))
}

func main() {
	certPath := "server.crt"
	keyPath := "server.key"
	http.HandleFunc("/", handle)
	log.Fatal(http.ListenAndServeTLS(":8000", certPath, keyPath, nil))
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment