|Two-way SSL||Iacob Nasca||8/28/13 10:00 AM|
I looked at every function in the http package but could not find any. Is there a way to make a two-way ssl call ?
There is an API that requires two-way ssl that I need to integrate with and I cannot for the life of me make it work. All I need to do is post a JSON to some secure endpoint but it seems I have to also encrypt my request with a certificate. The initial certificate they provided me with was a .jks and I managed to extract the private key and the certificate from it (that was a joy ride as well). As a side note here, is there a simple way to just use the .jks and not a suite of applications to convert it back to .pem ?
Anyway...back to the issue. The certificate they provided me is also password encrypted. I saw that encode/pem package provides a decryption method but the http package client certificate requires you to provide a certificate and a key as filenames and so it fails to apply the certificate/key pair since they are encrypted. How...how ?
|Re: [go-nuts] Two-way SSL||Kyle Lemons||8/28/13 11:40 AM|
All SSL connections are two-way. I assume you mean a connection in which both the client and server authenticate one another by their certificates.
Don't use ListenAndServeTLS if it's not precisely what you need; it's a pretty straightforward wrapper that you can copy, paste, and edit to suit your needs (including loading more certificates and/or from something other than a file).
|Re: [go-nuts] Two-way SSL||Iacob Nasca||8/28/13 11:49 AM|
I don't use ListenAndServe. I am the client. I use http.Post('https://.....), (well, not directly http.Post, I'm creating a http.Client because I need custom headers too). And my request must be signed by my client certificate as well.
|Re: [go-nuts] Two-way SSL||Kyle Lemons||8/28/13 12:02 PM|
|Re: [go-nuts] Two-way SSL||Iacob Nasca||8/28/13 12:10 PM|
I already tried with tls.LoadX509KeyPair("cert.pem", "key.pem") to load up the certificate and the key and obtain the the tls.Certificate but the key is password protected. They gave me the certificate and the password. But how do I decrypt it ? the tls doesn't have to many methods. Actually it only has two: LoadX509KeyPair(filename, filename string) and X509KeyPair(data, data byte).
|Re: [go-nuts] Two-way SSL||mb0||8/28/13 12:14 PM|
On 08/28/2013 09:10 PM, Iacob Nasca wrote:you can strip the password from the key with openssl. something like
this should work:
$ openssl rsa -in key.pem -out key.pem.unencrypted
hope that works for you!
|Re: [go-nuts] Two-way SSL||Iacob Nasca||8/28/13 12:32 PM|
Excellent. Thanks a lot mb0. I finally get an answer from the API other than 403.
They should add a new method to the tls package to accept a password as well. :)
|Re: [go-nuts] Two-way SSL||Iacob Nasca||8/29/13 12:36 AM|
k, this is for posterity in case anyone ever looks for something like this. A very simple example..
// in case response is gziped, run that through the gzip reader to de decompress
|Re: [go-nuts] Two-way SSL||j weir||8/29/13 2:08 PM|
On Thursday, August 29, 2013 3:36:35 AM UTC-4, Iacob Nasca wrote:
Thank you so much, I was just looking for some steps on getting this working. Perfect timing.