Stop saving test certificates in your code repos. Start generating them in your tests.
func TestFunc(t *testing.T) { // Create and write self-signed Certificate and Key to temporary files cert, key, err := testcerts.GenerateToTempFile("/tmp/") if err != nil { // do something } defer os.Remove(key) defer os.Remove(cert) // Start HTTP Listener with test certificates err = http.ListenAndServeTLS("127.0.0.1:443", cert, key, someHandler) if err != nil { // do something } }For more complex tests, you can also use this package to create a Certificate Authority and a key pair signed by that Certificate Authority for any test domain you want.
func TestFunc(t *testing.T) { // Generate Certificate Authority ca := testcerts.NewCA() go func() { // Create a signed Certificate and Key for "localhost" certs, err := ca.NewKeyPair("localhost") if err != nil { // do something } // Write certificates to a file err = certs.ToFile("/tmp/cert", "/tmp/key") if err { // do something } // Start HTTP Listener err = http.ListenAndServeTLS("localhost:443", "/tmp/cert", "/tmp/key", someHandler) if err != nil { // do something } }() // Create a client with the self-signed CA client := &http.Client{ Transport: &http.Transport{ TLSClientConfig: certs.ConfigureTLSConfig(ca.GenerateTLSConfig()), }, } // Make an HTTPS request r, _ := client.Get("https://localhost") }Simplify your testing, and don't hassle with certificates anymore.
If you find a bug or have an idea for a feature, please open an issue or a pull request.
testcerts is released under the MIT License. See LICENSE for details.