Inspired from this github I am trying to make a https connection to a macos big sur(11.1)
I keep getting:
"Safari Can't Open the Page "mydomain.com" because Safari can't establish a secure connection to the server "mydomain.com"
Note you need openssl from brew
1.Create rootKey
openssl ecparam -name prime256v1 -genkey -noout -out rootCA.key
2.Create root certificate
/usr/local/opt/openssl/bin/openssl req -x509 -nodes -days 825
-key rootCA.key
-subj "/C=US/ST=CA/O=MyDomain, Inc./CN=mydomain.com"
-addext "extendedKeyUsage = serverAuth"
-out rootCA.crt
3.Create domain certificate
openssl ecparam -name prime256v1 -genkey -noout -out mydomain.com.key
4.Create Certificate Request
/usr/local/opt/openssl/bin/openssl req
-key mydomain.com.key
-subj "/C=US/ST=CA/O=Mydomain, Inc./CN=mydomain.com"
-addext "subjectAltName = IP:<x.x.x.x>,DNS:mydomain.com"
-out mydomain.com.csr
5.Generate certificate using CA Root certificate
openssl x509 -req -in mydoamin.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out mydomain.com.crt -days 825 -sha256
6.Add Certificate Authority to Keychain - on the machine connecting via Safari(just use the same machine)
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.crt
Sample go code - remember if you have firewall turned on, you need to give permission to incomming connection in settings/Security & Privacy "Firewall Options..." allow :
package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"log"
"net/http"
"time"
)
func main() {
server := &http.Server{
Addr: ":443",
ReadTimeout: 5 * time.Second,
WriteTimeout: 10 * time.Second,
TLSConfig: tlsConfig(),
}
//// Having this does not change anything but just showing.
//// go get -u golang.org/x/net/http2
//if err := http2.ConfigureServer(server, nil); err != nil {
// log.Fatal(err)
//}
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte(fmt.Sprintf("Protocol: %s", r.Proto)))
})
if err := server.ListenAndServeTLS("", ""); err != nil {
log.Fatal(err)
}
}
func tlsConfig() *tls.Config {
crt, err := ioutil.ReadFile("mydomain.com.crt")
if err != nil {
log.Fatal(err)
}
key, err := ioutil.ReadFile("mydomain.com.key")
if err != nil {
log.Fatal(err)
}
cert, err := tls.X509KeyPair(crt, key)
if err != nil {
log.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{cert},
ServerName: "mydomain.com",
}
}
Go code writes:
tls: client using inappropriate protocol fallback