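This example shows how a client verifies the certificate of an HTTPS server.
It is similar to how a browser verifies a web server's certificate.
Generate the server certificate and the CA certificate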
# generate ca certificate
$ openssl genrsa -out ca-key.pem 2048
$ openssl req -new -x509 -days 365 -key ca-key.pem -out ca-cert.pem -subj "/CN=ca"
# generate server certificate
$ openssl genrsa -out server-key.pem 2048
$ openssl req -new -key server-key.pem -out server-csr.pem -subj "/CN=localhost"
$ openssl x509 -req -days 3650 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
This produces the server certificate server-cert.pem (note that the certificate's common name is localhost), which is signed by the CA whose certificate is ca-cert.pem.
Server-side code
$ cat server.go
package main

import (
	"crypto/tls"
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"net/http"

	"github.com/gorilla/mux"
)

var (
	port     int
	hostname string
	keyfile  string
	signcert string
)

func init() {
	flag.IntVar(&port, "port", 8080, "The host port on which the REST server will listen")
	flag.StringVar(&hostname, "hostname", "0.0.0.0", "The host name on which the REST server will listen")
	flag.StringVar(&keyfile, "key", "", "Path to file containing PE