CODEWITHSUNDEEP
sslcurltls1.2
Ricardo Alonzo
Ricardo Alonzo

Reputation: 73

cURL a local GO server using a self signed certificate

So i have a simple GO server running on port 8080 using a self-signed certificate that i created with the following command:

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out local.crt -keyout local.key

When creating it i set the fields to these values: enter image description here
As you can see i skipped everything but the fully qualified host name which i set to go-auth

I started my go server using the local.key and local.crt files successfully.

I tried cURLing it like:

➜  certs git:(master) ✗ curl --proxy-cacert local.crt https://go-auth/
curl: (6) Could not resolve host: go-auth

➜  certs git:(master) ✗ curl --proxy-cacert local.crt https://localhost:8080/
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

After that i tried to get the certs from the running server and saving it to the cacert.pem file and tried again:

➜  certs git:(master) ✗ echo quit | openssl s_client -showcerts -servername go-auth -connect localhost:8080 > cacert.pem
depth=0 CN = go-auth
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = go-auth
verify return:1
DONE

➜  certs git:(master) ✗ curl --cacert cacert.pem https://go-auth/
curl: (6) Could not resolve host: go-auth

➜  certs git:(master) ✗ curl --proxy-cacert cacert.pem https://go-auth/
curl: (6) Could not resolve host: go-auth

At this point i don't know, i was trying to follow the answer to this question: Use self signed certificate with cURL? but did not get the desired result.

Upvotes: 1

Views: 3360

Answers (1)

alessiosavi
alessiosavi

Reputation: 3057

You can use the -k parameter in order to skip the certificate validation.

Your command have to be similar to the following one:

curl -vk https://localhost:8080/
  • -v enable some debug information
  • -k disable the certificate validation

If you want to enable the certificate validation, you have two way:

  • Add and trust the certificate to your current CA list
    By this way, you are going to "accept" your self signed certificate as a valid one, and you will be able to call the service (from your machine, obviously) using any type of HTTP client (Java, Go, cURL etc etc).

  • Use the --cacert parameter of the cURL command in order to specify the path related to the certificate to use in order to authenticate to the service.

Upvotes: 6

Related Questions