1、证书的生成
生成证书的工具:https://github.com/FiloSottile/mkcert
CA机构的就是根证书,用CA机构来签发证书。
mkcert install就是安装根证书。其它的macert xxx(xxx指各种域名和ip) 生成的证书都是通过根证书来签发,macert xxx生成的证书只对xxx域名有效。
$ mkcert -install
Created a new local CA at "/Users/filippo/Library/Application Support/mkcert"
The local CA is now installed in the system trust store!
The local CA is now installed in the Firefox trust store (requires restart)!
$ mkcert example.com '*.example.org' myapp.dev localhost 127.0.0.1 ::1
Using the local CA at "/Users/filippo/Library/Application Support/mkcert"
Created a new certificate valid for the following names
- "example.com"
- "*.example.org"
- "myapp.dev"
- "localhost"
- "127.0.0.1"
- "::1"
The certificate is at "./example.com+5.pem" and the key at "./example.com+5-key.pem"
2、go代码实现 https
func main() {
r.RunTLS(":8000", "/Users/abc/example.com+5.pem", "/Users/abc/example.com+5-key.pem")
}
网友评论