A pem file for TLS testing using a golang server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: localhost

I ran this command: openssl req -x509 -out localhost.crt -keyout localhost.key
-newkey rsa:2048 -nodes -sha256
-subj ‘/CN=localhost’ -extensions EXT -config ./ssl-config

Where ssl-config had the following …
distinguished_name = dn

This was based on your instructions … https://letsencrypt.org/docs/certificates-for-localhost/

N.B. The openssl command on that page is broken … I think it’s deep bash magic, but I think I worked out what it was intended to do.

It produced this output:

localhost.crt and localhost.key created as expected.

My web server is (include version): I’m using the go http package … the server works fine for http … but I need https when I deploy the code. The http go server (for TLS) expects a pem file, not a crt file (http.ServeAndListenTLS).

How do I make a .pem file from that .crt file?

Many thanks …

Geoff Russell

The operating system my web server runs on is (include version): Ubuntu 16.04.06 TLS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

They’re both PEM. It’s just:

err := http.ListenAndServeTLS(":443", "localhost.crt", "localhost.key", nil)
1 Like

Indeed, OpenSSL defaults to PEM.

No, it’s not:

osiris@erazer tmp $ ls -l localhost.*
ls: cannot access 'localhost.*': No such file or directory
osiris@erazer tmp $ openssl req -x509 -out localhost.crt -keyout localhost.key   -newkey rsa:2048 -nodes -sha256   -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Generating a RSA private key
writing new private key to 'localhost.key'
osiris@erazer tmp $ ls -l localhost.*
-rw-r--r-- 1 osiris osiris 1078 Aug 21 17:44 localhost.crt
-rw------- 1 osiris osiris 1704 Aug 21 17:44 localhost.key
osiris@erazer tmp $ 

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.