DevOps Articles

Practical unit-testing web client in Go - part 2

Testing webserver with TLS In the previous post, I overviewed how to practically test web client in go. The next step, I want to test a web server with self-signed certificates. To cover this use-case, we need to: Create self-signed certificates, with SAN property of 127.0.0.1. Start the testing webserver using this certificate. Configure my client to trust the RootCA. Most of the people, when they reach this stage of testing, usually bend corners. You can simply disable the TLS verification with &tls.Config{InsecureSkipVerify: true} and be done with it. I can’t. Can’t treat security precautions with no care; this is a package that works with a Secret Manager. In my case, testing the client works with self-signed certificate is significant. Create self-signed certificates Luckily, there’s a great github repository that covers the creation of certificates: https://github.com/jcbsmpsn/golang-https-example The repo contains solutions to common issues raised when trying to achieve this task. If you encounter any errors during this procedure, go check it out. To create certificates: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 # Create CA key + certificate openssl req \ -newkey rsa:2048 \ -nodes \ -days 3650 \ -x509 \ -keyout ca.key \ -out ca.crt \ -subj "/CN=*" # Create server certificate request and key openssl req \ -newkey rsa:2048 \ -nodes \ -keyout server.key \ -out server.csr \ -subj "/C=GB/ST=London/L=London/O=libvault consultants/OU=IT Department/CN=*" # Sign the server certificate request with the CA key # adding SAN IP openssl x509 \ -req \ -days 365 \ -sha256 \ -in server.csr \ -CA ca.crt \ -CAkey ca.key \ -CAcreateserial \ -out server.crt \ -extfile