Two way SSL REST API in Go
Introduction
The goal of this project is to create a simple REST API in Go with two-way SSL authentication. When a client (browser) connects to the server, the server will ask for a certificate and the client will ask for a certificate from the server. The endpoint will be https://go2wayssl.local/hello and will return Hello, World!. In short, the steps are:
- Generate keys and certificates
- Write the Go server
- Import certificates
- Edit hosts file
Generate keys and certificates
In order to continue, you will need the following files:
root-ca-cert.pem
root-ca-key.pem
intermediate-ca-key.pem
intermediate-csr.pem
intermediate-ca-cert.pem
client-key.pem
client-csr.pem
client-cert.pem
server-key.pem
server-csr.pem
server-cert.pem
For the creation of those files, I followed this tutorial: https://jamielinux.com/docs/openssl-certificate-authority
Write the Go server
Go server code is available at: https://github.com/defilippomattia/misc/blob/main/go-2way-ssl/main.go
Place the intermediate-ca-cert.pem, server-cert.pem and server-key.pem in the same folder as the server code.
Run the server with go run main.go.
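A minimal server of this kind, as an added example rather than the code in the linked repository: it refuses any client whose certificate does not chain to intermediate-ca-cert.pem. The port (443), the helper names mtlsConfig and clientCN, and the use of tls.RequireAndVerifyClientCert are assumptions; the linked main.go may differ.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net/http"
	"os"
)

// mtlsConfig trusts only the CAs in caFile for client certificates; with
// RequireAndVerifyClientCert the handshake fails if the client sends none.
func mtlsConfig(caFile string) (*tls.Config, error) {
	caPEM, err := os.ReadFile(caFile)
	pool := x509.NewCertPool()
	if err != nil || !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable CA certificate in %s (read error: %v)", caFile, err)
	}
	return &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}, nil
}

// clientCN returns the verified client certificate's common name, or false
// when the connection carries no verified client chain.
func clientCN(cs *tls.ConnectionState) (string, bool) {
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return "", false
	}
	return cs.VerifiedChains[0][0].Subject.CommonName, true
}

// hello repeats the check behind the handshake and logs who authenticated.
func hello(w http.ResponseWriter, r *http.Request) {
	if cn, ok := clientCN(r.TLS); ok {
		log.Printf("authenticated client: %q", cn)
		fmt.Fprint(w, "Hello, World!")
		return
	}
	http.Error(w, "client certificate required", http.StatusForbidden)
}

// File names are the ones listed on this page; port 443 is an assumption.
func main() {
	cfg, err := mtlsConfig("intermediate-ca-cert.pem")
	if err != nil {
		log.Fatal(err)
	}
	http.HandleFunc("/hello", hello)
	srv := &http.Server{Addr: ":443", TLSConfig: cfg}
	log.Fatal(srv.ListenAndServeTLS("server-cert.pem", "server-key.pem"))
}
```

Because the server fails closed when the CA file is missing or contains no certificate, a misplaced intermediate-ca-cert.pem stops startup instead of silently disabling client verification.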
Import certificates
I’m on Windows, so I will import the certificates using certmgr.
I imported the root-ca-cert.pem in Trusted Root Certification Authorities store, and the intermediate-ca-cert.pem in Intermediate Certification Authorities store.
Before importing the client-cert.pem in the Personal store, I had to convert it to pfx format using the following command:
openssl pkcs12 -inkey client-key.pem -in client-cert.pem -export -out client-cert.pfx
Then I imported the client-cert.pfx in the Personal store.
Edit hosts file
I added the following line in the hosts file:
127.0.0.1 go2wayssl.local
With everything in place, I can now open the browser and go to https://go2wayssl.local/hello.
I will be prompted to select the client certificate:
Once selected, I will see the message: