Hello,

The issue is resolved.

Golang automatically searches the CAs at the appropriate path
<https://stackoverflow.com/questions/40051213/where-is-golang-picking-up-root-cas-from>
in case of Unix-flavored machines. But in case of other OSes, esp. Windows, I
don't find any possibility or doc for guiding a process to trust MMC-based CAs.

We just have to merge the certs like this:

-----BEGIN CERTIFICATE-----
YOUR CERT
YOUR CERT
YOUR CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
SOME INTERMEDIATE CERT
SOME INTERMEDIATE CERT
SOME INTERMEDIATE CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ANOTHER INTERMEDIATE CERT
ANOTHER INTERMEDIATE CERT
ANOTHER INTERMEDIATE CERT
ANOTHER INTERMEDIATE CERT
-----END CERTIFICATE-----

and use it as a single one with this method (there are other ways also
available): `ListenAndServeTLS()`

For more details check these articles:

http.ListenAndServeTLS with multiple certificates
<https://stackoverflow.com/questions/32175300/http-listenandservetls-with-multiple-certificates>

How to provide CA certs for ListenAndServeTLS function
<https://stackoverflow.com/questions/34689277/how-to-provide-ca-certs-for-listenandservetls-function/49354072>

On Monday, 28 September 2020 at 19:30:40 UTC+5:30 smartaq...@gmail.com wrote:
> Team,
>
> Hi all, hope you're doing well.
>
> I have hosted a small API on a Windows 10 machine which I'm using as a
> webhook receiver. The CA authority of the webhook sender is different from the
> CA authority of the Golang API.
>
> Code of the API is:
>
> -----------------------------------------------------------------------------------
> package main
>
> import (
>     "crypto/tls"
>     "crypto/x509"
>     "io/ioutil"
>     "log"
>     "net/http"
> )
>
> func main() {
>     caCertPool := x509.NewCertPool()
>     caCert2, err := ioutil.ReadFile("<ca authorities chain>.pem")
>     if err != nil {
>         log.Fatal(err)
>     }
>     caCertPool.AppendCertsFromPEM(caCert2)
>     tlsConfig := &tls.Config{
>         RootCAs:            caCertPool,
>         InsecureSkipVerify: false,      // tried with true and false both
>         ClientCAs:          caCertPool, // tried by giving and removing this property as well
>     }
>     tlsConfig.BuildNameToCertificate()
>
>     srv := &http.Server{Addr: ":443", TLSConfig: tlsConfig, Handler: http.HandlerFunc(handle)}
>     log.Fatal(srv.ListenAndServeTLS("certificate.crt", "certificate.key"))
> }
>
> func handle(w http.ResponseWriter, r *http.Request) {
>     // Log the request protocol
>     log.Printf("Got connection: %s", r.Proto)
>     // Send a message back to the client
>     w.Write([]byte("Hello"))
> }
> ------------------------------------------------------------------------------------------
>
> "<ca authorities chain>.pem": this has the chain of all CAs including the
> webhook sender
> "certificate.crt": this certificate has the complete root chain of the other
> CA
>
> Still, whenever I'm trying to make a call from the webhook sender (GitHub) to my
> API, a TLS handshake error occurs.
>
> Error at webhook sender side: "Peer certificate cannot be authenticated
> with given CA certificates webhook"
>
> Error at webhook receiver side: "TLS handshake error"
>
> The moment I've used another certificate in the method
> ListenAndServeTLS, created with the same CA authority as that of the
> webhook sender, everything worked fine.
>
> In production, we're not allowed to make any certificate in that CA. Can
> anyone suggest the procedure of trusting other CAs in case of Windows
> machines with Golang.
>

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/d89c1a25-c341-49eb-92fb-551cab8fa3c1n%40googlegroups.com.