5

My current application starts a Go Gin web server using TLS and loads the cert and key from a local file system. I want to load these files from a cert store or I want to pass the certificate and private key as byte array instead of file path.

package main

import (
    "github.com/gin-gonic/gin"
)

func main() {
    g := gin.Default()
    g.GET("/hello/:name", func(c *gin.Context) {
        c.String(200, "Hello %s", c.Param("name"))
    })
    g.RunTLS(":3000", "./certs/server.crt", "./certs/server.key")
}
blackgreen
  • 34,072
  • 23
  • 111
  • 129
vidya k.s.
  • 131
  • 2
  • 5

1 Answers1

7

I could solve the problem after continuous debug. Here is the code for it


cert := &x509.Certificate{
        SerialNumber: big.NewInt(1658),
        Subject: pkix.Name{
            Organization:  []string{"ORGANIZATION_NAME"},
            Country:       []string{"COUNTRY_CODE"},
            Province:      []string{"PROVINCE"},
            Locality:      []string{"CITY"},
            StreetAddress: []string{"ADDRESS"},
            PostalCode:    []string{"POSTAL_CODE"},
        },
        NotBefore:    time.Now(),
        NotAfter:     time.Now().AddDate(10, 0, 0),
        SubjectKeyId: []byte{1, 2, 3, 4, 6},
        ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
        KeyUsage:     x509.KeyUsageDigitalSignature,
    }
    priv, _ := rsa.GenerateKey(rand.Reader, 2048)
    pub := &priv.PublicKey

    // Sign the certificate
    certificate, _ := x509.CreateCertificate(rand.Reader, cert, cert, pub, priv)

    certBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certificate})
    keyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})

    // Generate a key pair from your pem-encoded cert and key ([]byte).
    x509Cert, _ := tls.X509KeyPair(certBytes, keyBytes)

    tlsConfig := &tls.Config{
            Certificates: []tls.Certificate{x509Cert}}
    server := http.Server{Addr: ":3000", Handler: router, TLSConfig: tlsConfig}

    glog.Fatal(server.ListenAndServeTLS("",""))
vidya k.s.
  • 131
  • 2
  • 5