Team,

Hi all, hope you're doing well.

I have hosted a small API on a Windows 10 machine which I'm using as a 
webhook receiver. The CA authority of the webhook sender is different from the 
CA authority of the golang API.

The code of the API is:
-----------------------------------------------------------------------------------
package main

import (
    "crypto/tls"
    "crypto/x509"
    "io/ioutil"
    "log"
    "net/http"
)

func main() {
    caCertPool := x509.NewCertPool()
    // Load the PEM bundle of CA certificates; stop if it cannot be read.
    caCert2, err := ioutil.ReadFile(" <ca authorities chain>.pem  ")
    if err != nil {
        log.Fatal(err)
    }
    caCertPool.AppendCertsFromPEM(caCert2)
    tlsConfig := &tls.Config{
        RootCAs:            caCertPool,
        InsecureSkipVerify: false,      // tried with true and false both
        ClientCAs:          caCertPool, // tried by giving and removing this property as well.
    }
    tlsConfig.BuildNameToCertificate()

    // Serve HTTPS on :443 with the certificate and key files below.
    srv := &http.Server{Addr: ":443", TLSConfig: tlsConfig, Handler: http.HandlerFunc(handle)}
    log.Fatal(srv.ListenAndServeTLS("certificate.crt", "certificate.key"))
}

func handle(w http.ResponseWriter, r *http.Request) {
    // Log the request protocol
    log.Printf("Got connection: %s", r.Proto)
    // Send a message back to the client
    w.Write([]byte("Hello"))
}
------------------------------------------------------------------------------------------

*"<ca authorities chain>.pem"*: this has the chain of all CAs, including the 
webhook sender's.
*"certificate.crt"*: this certificate has the complete root chain of the other CA.

Still, whenever I try to make a call from the webhook sender (GitHub) to my 
API, a TLS handshake error occurs.

Error at webhook sender side:- *Peer certificate cannot be authenticated 
with given CA certificates webhook*

Error at webhook receiver side:- *TLS handshake error*

The moment I used another certificate in the method *ListenAndServeTLS*, 
created with the same CA authority as that of the webhook sender, everything 
worked fine.

In production, we're not allowed to make any certificate in that CA. Can 
anyone suggest the procedure for trusting other CAs in the case of Windows 
machines with golang?

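An added example, not part of the original post: it shows which side's trust store decides whether the server certificate is accepted in a setup like the one described. A constructed throwaway CA stands in for the webhook sender's CA, httptest's built-in certificate stands in for certificate.crt, and `newCA` and `handshake` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newCA returns a throwaway self-signed CA certificate (constructed test data).
func newCA(cn string) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// handshake dials a server that lists the sender's CA in RootCAs and ClientCAs.
func handshake(clientTrustsServerIssuer bool) error {
	senderCA := x509.NewCertPool()
	senderCA.AddCert(newCA("constructed sender CA"))
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{RootCAs: senderCA, ClientCAs: senderCA} // as in the post
	srv.StartTLS()
	defer srv.Close()
	trust := senderCA // the caller trusts only its own CA
	if clientTrustsServerIssuer {
		trust = x509.NewCertPool()
		trust.AddCert(srv.Certificate()) // httptest's built-in self-signed certificate
	}
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{RootCAs: trust})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() { fmt.Println(handshake(false), "|", handshake(true)) }
```

In the failing case the caller gets an x509 unknown-authority error and the Go server logs a TLS handshake error, whatever RootCAs or ClientCAs the server was given.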