Mattia de Filippo

Mattia de Filippo

Two way SSL REST API in Go

Introduction

Goal of this project is to create a simple REST API in Go with two way SSL authentication. So when a client (browser) connects to the server, the server will ask for a certificate and the client will ask for a certificate from the server. The endpoint will be https://go2wayssl.local/hello and will return Hello, World!. In short, the steps are:

  1. Generate keys and certificates
  2. Write the Go server
  3. Import certificates
  4. Edit hosts file

Generate keys and certificates

In order to continue, you will need the following files:

root-ca-cert.pem
root-ca-key.pem

intermediate-ca-key.pem
intermediate-csr.pem
intermediate-ca-cert.pem

client-key.pem
client-csr.pem
client-cert.pem

server-key.pem
serever-csr.pem
server-cert.pem

For the creation of those files, I followed this tutorial: https://jamielinux.com/docs/openssl-certificate-authority

Write the Go server

Go server code is available at: https://github.com/defilippomattia/misc/blob/main/go-2way-ssl/main.go

Place the intermediate-ca-cert.pem, server-cert.pem and server-key.pem in the same folder as the server code.

Run the server with go run main.go.

Import certificates

I’m on Windows, so I will import the certificates using certmgr.

I imported the root-ca-cert.pem in Trusted Root Certification Authorities store, and the intermediate-ca-cert.pem in Intermediate Certification Authorities store.

Before importing the client-cert.pem in the Personal store, I had to convert it to pfx format using the following command:

openssl pkcs12 -inkey <client-key.pem> -in client-cert.pem -export -out client-cert.pfx

Then I imported the client-cert.pfx in the Personal store.

Edit hosts file

I added the following line in the hosts file:

127.0.0.1 go2wayssl.local

With everything in place, I can now open the browser and go to https://go2wayssl.local/hello.

I will be prompted to select the client certificate:

client certificate selection

Once selected, I will see the message:

hello world