Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Using custom certificates with AppEngine
package main
import (
var tlsConfig *tls.Config
func init() {
var (
certFile = "cert.pem"
keyFile = "key.pem"
caFile = "ca.pem"
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
ca, err := ioutil.ReadFile(caFile)
if err != nil {
cpool := x509.NewCertPool()
if !cpool.AppendCertsFromPEM(ca) {
panic("could not append certs from pem")
tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: cpool,
func client(c appengine.Context) *docker.Client {
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: tlsConfig,
Dial: func(network, addr string) (net.Conn, error) {
// This works around a bug with socker.Dial in dev env.
// See:
if appengine.IsDevAppServer() {
return net.Dial(network, addr)
return socket.Dial(c, network, addr)
return client
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.