Setting Up HTTPS for Your Go Application with IIS Certificate


Securing your web application with HTTPS is crucial for protecting data in transit and ensuring the integrity and confidentiality of user communications. In this blog post, we’ll walk through the process of setting up HTTPS for a Go application using an SSL certificate generated by the Windows ACME Simple (WACS) tool.

Prerequisites

Before we begin, ensure you have the following:

  • A running Go application.
  • Administrator access to a Windows server with IIS installed.
  • OpenSSL installed on your system.

Step 1: Generate SSL Certificate with WACS

Windows ACME Simple (WACS) is a lightweight ACME client for Windows that simplifies the process of obtaining SSL certificates from Let’s Encrypt.

  1. Download and Install WACS:
  • Visit the WACS GitHub Releases page and download the latest version.
  • Extract the ZIP file to a directory on your Windows Server.
  2. Run WACS to Generate the Certificate:
  • Open Command Prompt and navigate to the WACS directory.
  • Run the WACS client:
    wacs.exe
  • Follow the prompts to create a new certificate with manual input:
    • Select “Create new certificate (advanced)”.
    • Select “Manually input host names”.
    • Enter the domain name you want to secure.
  3. Store the Certificate in a Centralized Certificate Store:
  • During the prompts, choose the option to use the Centralized Certificate Store.
  • Configure the Centralized Certificate Store path (e.g., C:\CentralizedSSLCertificates).

Step 2: Convert the .pfx File to .crt and .key Files

To use the certificate with your Go application, you need to extract the certificate and key files from the .pfx file using OpenSSL.

  1. Install OpenSSL:
  • Download and install OpenSSL for Windows from this link.
  2. Export the Certificate from the Centralized Certificate Store:
  • Open Command Prompt and navigate to the Centralized Certificate Store directory.
  • Run the following commands to export the certificate and private key:
    openssl pkcs12 -in your_certificate.pfx -nocerts -out private.key -nodes
    openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt
  • The -nodes option writes private.key unencrypted, so restrict access to that file to the account that runs your Go application.

Step 3: Configure Your Go Application

Place the certificate.crt and private.key files in your Go project directory. Update your Go application to use these files for establishing a TLS connection.

  1. Update Your Go Code:
    Here’s an example of how to update your Go application to use the SSL certificate:
   package main

   import (
       "log"
       "net/http"
       "github.com/gin-gonic/gin"
   )

   func main() {
       r := gin.Default()

       // Your routes here
       r.GET("/", func(c *gin.Context) {
           c.String(http.StatusOK, "Hello, World!")
       })

       // Paths to the certificate and key files
       certFile := "C:\\path\\to\\your\\certificate.crt"
       keyFile := "C:\\path\\to\\your\\private.key"

       log.Printf("Starting HTTPS server with cert: %s and key: %s\n", certFile, keyFile)

       // Run HTTPS server
       err := r.RunTLS(":443", certFile, keyFile)
       if err != nil {
           log.Fatalf("Failed to start HTTPS server: %s\n", err)
       }
   }
  2. Run Your Go Application:
  • Open Command Prompt, navigate to your Go project directory, and run your application:
    go run main.go
  3. Test Your Application:
  • Open a web browser and navigate to https://your-domain.com to verify that your Go application is serving HTTPS traffic.

Conclusion

By following these steps, you can secure your Go application with HTTPS using a certificate that WACS generates from manually entered host names and stores in the Centralized Certificate Store. This process ensures that your application data is encrypted, enhancing security and trust for your users. Whether you are running your application on a local server or deploying it to production, securing your web traffic with HTTPS is an essential step in modern web development.

If you encounter any issues or have further questions, feel free to leave a comment below. Happy coding!