Beego实现HTTPS访问

用https的话，首先要生成ssl证书
生成ssl证书
SSL证书包括:

CA证书: 也叫根证书或者中间级证书，如果是单项https认证的话，该证书是可选的。不安装ca证书的话，浏览器默认是不安全的

服务器证书，必选项。通过key, 证书请求文件csr，在通过ca证书签名，生成服务器证书

客户端证书，可选项。如有客户端证书测试双向https验证

服务器证书的生成

生成服务器私钥

root@debian:~/https_crt/127.0.0.1# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................................++++++
..............................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

生成服务器证书请求(csr)
在生成csr文件的过程中，有一点很重要, Common Name 填入主机名（或者服务器IP）

root@debian:~/https_crt/127.0.0.1# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

---

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AAA
Organizational Unit Name (eg, section) []:OT
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

删除私钥中密码
在第一步创建私钥的过程中，由于必须制定一个密码，而这个密码的副作用是，每次启动http服务的时候，都会要求输入密码，这会带来很大的不变。可以通过以下方式删除私钥中密码

root@debian:~/https_crt/127.0.0.1# cp server.key server.key.org
root@debian:~/https_crt/127.0.0.1# openssl rsa -in server.key.org -out server.key

生成服务器证书
如果你不想花钱让ca签名，那么可以以下方式生成一个自签名的证书

root@debian:~/https_crt/127.0.0.1# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=Shanghai/L=Shanghai/O=AAA/OU=OT/CN=127.0.0.1
Getting Private key

查看证书内容
签名证书之后，可以通过以下方式查看服务器证书的内容
root@debian:~/https_crt/127.0.0.1# openssl x509 -noout -text -in server.crt

修改beego配置
ssl证书完毕之后，修改beego里面相应配置，设置https端口，以及证书路径

修改配置文件
打开conf/app.conf配置文件，加入https相关配置
EnableDocs = true
EnableHTTPS=true
EnableHttpTLS = true
HttpsPort = 8010
HTTPSCertFile = "conf/server.crt"
HTTPSKeyFile = "conf/server.key"

证书就放在app.conf里面配置的目录就行