package main import ( "bytes" "crypto/rand" "crypto/rsa" "crypto/tls" "crypto/x509" "encoding/pem" "math/big" "net" "net/http" "os" "time" "fmt" ) func generateSelfSignedCert(host string) (tls.Certificate, error) { cert := &x509.Certificate{ SerialNumber: big.NewInt(0), NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, } cert.DNSNames = []string{host} certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) if err != nil { return tls.Certificate{}, err } certBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &certPrivKey.PublicKey, certPrivKey) if err != nil { return tls.Certificate{}, err } certPEM := new(bytes.Buffer) pem.Encode(certPEM, &pem.Block{ Type: "CERTIFICATE", Bytes: certBytes, }) certPrivKeyPEM := new(bytes.Buffer) pem.Encode(certPrivKeyPEM, &pem.Block{ Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey), }) serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivKeyPEM.Bytes()) if err != nil { return tls.Certificate{}, err } return serverCert, err } type myHandler struct{ nreq int } func (h myHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { fmt.Printf("accepted request number %d", h.nreq) fmt.Fprintf(w, "request number: %d", h.nreq) } func main() { hostname, err := os.Hostname() if err != nil { fmt.Println(err) os.Exit(1) } cert, err := generateSelfSignedCert(hostname) if err != nil { fmt.Println(err) os.Exit(1) } tlsConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert, } srv := &http.Server{ Addr: ":8080", Handler: myHandler{nreq: 0}, ReadTimeout: 5 * time.Minute, WriteTimeout: 5 * time.Minute, IdleTimeout: 5 * time.Minute, ConnState: func(conn net.Conn, event http.ConnState) { fmt.Printf("addr: %s, changed state to: %s", conn.RemoteAddr(), event.String()) }, TLSConfig: tlsConfig, } srv.ListenAndServeTLS("", "") }