SSL Client Authentication Golang sample
package main

import (
	"crypto/tls"
	"crypto/x509"
	"flag"
	"io"
	"log"
	"net/http"
	"os"
)

var (
	certFile = flag.String("cert", "someCertFile", "A PEM encoded certificate file.")
	keyFile  = flag.String("key", "someKeyFile", "A PEM encoded private key file.")
	caFile   = flag.String("CA", "someCertCAFile", "A PEM encoded CA's certificate file.")
)

func main() {
	flag.Parse()

	// Load client cert
	cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
	if err != nil {
		log.Fatal(err)
	}

	// Load CA cert
	caCert, err := os.ReadFile(*caFile)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when no certificate could be parsed;
	// without this check the client would continue with an empty root pool.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatalf("no PEM certificates found in %s", *caFile)
	}

	// Setup HTTPS client
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert}, // sent when the server requests a client certificate
		RootCAs:      caCertPool,              // CAs trusted to sign the server's certificate
	}
	transport := &http.Transport{TLSClientConfig: tlsConfig}
	client := &http.Client{Transport: transport}

	// Do GET something
	resp, err := client.Get("https://goldportugal.local:8443")
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	// Dump response
	data, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	log.Println(string(data))
}

@Xeoncross

commented Jan 8, 2015

If you name it ____.go gist will highlight the code for you.

@kentoj

commented May 21, 2015

Why doesn't the extra comma on line 38 cause an issue?

@mholt

commented May 26, 2015

@kentoj That's correct Go syntax. Omitting the comma will cause a parse error.

@ghost

commented Aug 27, 2015

What should be the file extensions for the certificate, key, and CA file?

@magiconair

commented Nov 1, 2015

.pem ?

@SrinivasChilveri

commented Nov 15, 2015

May I know how to generate these 3 configuration .pem files?

@gernest

commented Jan 5, 2016

@SrinivasChilveri To generate self-signed .pem files, run this:

go run $GOROOT/src/crypto/tls/generate_cert.go

It will generate key.pem and cert.pem for you.

@unknownsuperuser

commented Jan 8, 2016

Does this require ssl renegotiation?

@adisheshsm

commented Jan 17, 2016

How to get/generate a ca.pem file for testing purposes?

@wmark

commented Feb 14, 2016

@unknownsuperuser No, renegotiation is not required for this, nor is it implemented in Golang.

@adisheshsm Technically you don't need a CA.pem for client TLS authentication. You can get an exemplary full tree using my script, which you can download here: https://gist.github.com/wmark/c758ce1c2b8222afd69d (top right, »download ZIP«).

Just remember: Don't use golang for authentication using DH/RSA. (Writing this at a time when 1.6 is the most recent version.)
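
Added example, not part of the gist or of any comment in this thread: for the questions above about producing a CA and a client certificate for testing, this Go program creates a throwaway CA and client certificates in memory and runs the chain check that a Go server applies when it is configured with `tls.RequireAndVerifyClientCert` and that CA in `ClientCAs`. The helper names `issue` and `verifyClient` and all certificate names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a client cert for cn signed by ca, or a self-signed test CA when ca is nil.
func issue(cn string, ca *tls.Certificate) *tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	self := &tls.Certificate{PrivateKey: key, Leaf: t}
	if ca == nil { // self-signed CA: the only certificate here that may sign others
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, ca = true, true, x509.KeyUsageCertSign, self
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca.Leaf, pub, ca.PrivateKey)
	if err != nil {
		panic(err)
	}
	self.Certificate = [][]byte{der}
	self.Leaf, _ = x509.ParseCertificate(der)
	return self
}

// verifyClient mirrors the server-side check: the presented certificate must chain
// to a CA in the server's ClientCAs pool and be valid for client authentication.
func verifyClient(ca, client *tls.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	_, err := client.Leaf.Verify(x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	ca, other := issue("test CA", nil), issue("unrelated CA", nil)
	fmt.Println("issued by ca:   ", verifyClient(ca, issue("alice", ca)))
	fmt.Println("issued by other:", verifyClient(ca, issue("mallory", other)))
}
```

The CA built here is the one a server would trust for client certificates; the gist's `-CA` flag is the separate pool the client uses to verify the server's certificate.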

@brandong954

commented Jul 28, 2016

Amazing! Thank you!

@VimleshS

commented Aug 30, 2016

Good read, thanks.

@denofiend

commented Oct 13, 2016

nqs erro: certificate signed by unknown authority

@jeyaramashok

commented Dec 9, 2016

Thank you!

@antman1p

commented Feb 13, 2017

Can someone tell me what these 3 vars are made of exactly?
certFile = flag.String("cert", "someCertFile", "A PEM encoded certificate file.")
keyFile = flag.String("key", "someKeyFile", "A PEM encoded private key file.")
caFile = flag.String("CA", "someCertCAFile", "A PEM encoded CA's certificate file.")

I don't understand if these are supposed to be paths to pem files or what.

@AlexGoja

commented Mar 27, 2017

@antman1p Most likely the path to the .pem files to be used as command line arguments. Something like <command> -cert=<path> -key=<path> -CA=<path>

@duckie

commented Mar 2, 2018

Very nice snippet, thank you!

@davenemeth

commented Apr 5, 2018

It simply works as expected, thank you!
