Hey everyone, Here comes the part-V of our Microservices in Go series of blogs. This would be a short blog, intended to help you run your HTTP API's on HTTPS. Before jumping into that, let's know what's HTTPS and why is it preferred over standard HTTP.

HTTP vs HTTPS

HTTP stands for Hypertext Transfer Protocol, whereas HTTPS stands for Hypertext transfer protocol secure. As it implies, HTTPS is secure than HTTP, as data transfer happens securely in HTTPS. Whereas, the HTTP protocol transfers data in plain text, thereby enabling eavesdroppers to read data over the network.

The security in HTTPS is powered by Transport Layer Security (TLS) which lacks in the HTTP protocol.

Turn Go HTTP server into HTTPS

To enable HTTPS, we need to get/generate TLS certificates, and use them to run over server securely. In this blog, we will use self signed certificates to do that.

The Transport Layer Security is based on public/private key encryption. To know more about TLS, visit this page of Wikipedia.

Generating self signed certificates

To generate self signed certs, you need openssl. There are different tools to generate, but we will use openssl in this blog. Run the below commands to generate public/private key pair.

openssl genrsa -out server.key 2048 openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

The first command generates a private key, which will be used to generate the public key i.e. '.crt' file. While generating the public key, the command prompts you for additional information. Do refer to the attached screenshot to fill in that info.

You can leave the email address to be empty. Once that's done, you should see two files server.key and server.crt generated.

Use Self signed certs to run HTTPS server

Clone our existing code locally if you're new to this series. Here's our GitHub repo. Once you have the code, change the server.ListenAndServe() to the following.

err := server.ListenAndServeTLS("server.crt", "server.key") if err != nil { 	fmt.Printf("Failed to start HTTPS server: %s", err.Error()) }

Before running the main.go, make sure you have the already generated certificates placed in the root of our source code. Now go ahead, and run our HTTPS server using the following command.

Note: You can find complete code on our GitHub repository.
go run .\main.go

Testing Time!

Open your favorite browser, and use this address to connect to our server. https://localhost:9090/products. You might see the page is insecure, don't worry and click on continue to localhost.

Tip: You can find our certificate information on clicking on the Not secure button, in the top right corner of your browser. Here's how it looks.
Certificate information

You should see the above content. That's obvious as we have authentication in place. If you want to check that out, visit this blog. But, why's the page insecure, because we have used self signed certificates. We might use a CA issued certificate during production if needed.

To make sure this worked, you should see any normally programmed HTTP/HTTPS client wouldn't be able to connect to our server. Then, How can we connect other services to this one?? No worries, I got you. We will see that in our upcoming blog. Until then, stay safe. Cheers ✌✌

 This free site is ad-supported. Learn more