0

I'm creating a low level HTTP/2 server in Go and for testing I want to use a self-signed certificate. I'm using openssl and this command to generate my certs:

openssl req -x509 -newkey rsa:4096 -nodes -sha256 -subj /CN=localhost -keyout private.pem -out cert.pem

all seems well and when I curl -kv https://127.0.0.1:443 --http2-prior-knowledge I get this handshake

When I try to connect with chrome I get this error code NET::ERR_CERT_AUTHORITY_INVALID, of course I choose to continue, but my servers exits the connection with this could not read from connection:remote error: tls: unknown certificate.

I have tried making different certs but no luck. How can I have a TLS connection with my server and chrome?

Here is how I setup tls:

    cer, err := tls.LoadX509KeyPair("cert.pem", "private.pem")
    if err != nil {
        log.Println(err)
        return
    }

    config := &tls.Config{Certificates: []tls.Certificate{cer}}
    ln, err := tls.Listen("tcp", "localhost:443", config) 
    if err != nil {
        log.Println(err)
        return
    }
    defer ln.Close()
Luffy
  • 7
  • 5

1 Answers1

1

Chrome gives you NET::ERR_CERT_AUTHORITY_INVALID exactly because your certificate is self-signed. To make this work you would need to create your own CA (Certificate Authority), add it to Chrome as trusted and then sign your server certificate with that CA (so that Chrome can verify certificate was signed by trusted CA).

See how to do it here: Getting Chrome to accept self-signed localhost certificate

blami
  • 3,490
  • 1
  • 13
  • 19
  • hmm, I tried basically every method that is stated but all result in the same. Do you perhaps have a workaround / radical solution. I'm currently on windows 10 but dont mind migrating to a different OS if that helps. – Luffy Jan 22 '21 at 16:24