crypto/tls/generate_cert.go: Should it be used? And how can it be used?


Jeroen N. Witmond

Nov 29, 2020, 4:09:24 PM
to golang-nuts
Greetings,

(in the example's comment) "One can use generate_cert.go in crypto/tls to generate cert.pem and key.pem."

In trying to find out how to do this I came across (closed) https://github.com/golang/go/issues/19900. As a result I found another way to invoke it: go run `locate generate_cert.go` --host 127.0.0.1 --rsa-bits=2048 --ca

Should the comment in the example of https://golang.org/pkg/net/http/#example_ListenAndServeTLS be changed to be more exact in the way crypto/tls/generate_cert.go can be invoked? Or should crypto/tls/generate_cert.go not be referred to at all?

Should I open an issue about this?

Jeroen.

b.ca...@pobox.com

Nov 29, 2020, 4:59:25 PM
to golang-nuts
On Sunday, 29 November 2020 at 21:09:24 UTC Jeroen N. Witmond wrote:
> go run `locate generate_cert.go` --host 127.0.0.1 --rsa-bits=2048 --ca

That will only work if there's exactly one instance of generate_cert.go on your filesystem.

A better command is:
go run "$(go env GOROOT)/src/crypto/tls/generate_cert.go" ...etc

Or you can just download generate_cert.go directly from GitHub.

> Or should crypto/tls/generate_cert.go not be referred to at all?


I think it's helpful to mention it.  It's not hard to find - after all, it does say it's in crypto/tls.

a2800276

Nov 30, 2020, 7:21:19 AM
to golang-nuts


On Sunday, 29 November 2020 at 22:09:24 UTC+1 Jeroen N. Witmond wrote:

> In trying to find out how to do this I came across (closed) https://github.com/golang/go/issues/19900 As a result I found another way to invoke it: go run `locate generate_cert.go` host 127.0.0.1 --rsa-bits=2048 --ca
>
> Should the comment in the example of https://golang.org/pkg/net/http/#example_ListenAndServeTLS be changed to be more exact in the way crypto/tls/generate_cert.go can be invoked? Or should crypto/tls/generate_cert.go not be referred to at all?

I think rsc's comment in the issue says it all:

> I don't think we have committed to writing a cert generation tool appropriate for production use. The generate_cert.go program is a simple program for writing tests. 

Typically, you would use openssl to generate production certs. You could use the functionality in `crypto/tls` to write your own  tool, though. 
And if you want to distribute a binary, 'go build `locate generate_cert.go`' (taking into account the caveat about more than one file with that name mentioned above.)

My feeling is that the documentation in  ListenAndServeTLS (which is an inline comment in example code) is meant more as a helpful hint on how to generate a quick and dirty certificate for testing.
    -tim