// In the go18-examples/stdlib/http2-push directory, run:
$ go run $GOROOT/src/crypto/tls/generate_cert.go --host 127.0.0.1
2017/01/27 10:58:01 written cert.pem
2017/01/27 10:58:01 written key.pem
func ListenAndServeTLS
func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error
ListenAndServeTLS acts identically to ListenAndServe, except that it expects HTTPS connections. Additionally, files containing a certificate and matching private key for the server must be provided. If the certificate is signed by a certificate authority, the certFile should be the concatenation of the server's certificate, any intermediates, and the CA's certificate.
A trivial example server is:
package main

import (
	"log"
	"net/http"
)

func handler(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("This is an example server.\n"))
}

func main() {
	http.HandleFunc("/", handler)
	log.Printf("About to listen on 10443. Go to https://127.0.0.1:10443/")
	// ListenAndServeTLS only returns on failure, so the error is always non-nil.
	err := http.ListenAndServeTLS(":10443", "cert.pem", "key.pem", nil)
	log.Fatal(err)
}
One can use generate_cert.go in crypto/tls to generate cert.pem and key.pem.
ListenAndServeTLS always returns a non-nil error.
Convert the certificate issued by a public CA:
openssl x509 -in 1_iot.syniot.cn_bundle.crt -out mycert.pem -outform PEM
openssl rsa -in 2_iot.syniot.cn.key -out mykey.pem -outform PEM
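A check worth running on the converted certFile before handing it to ListenAndServeTLS, given here as an added example rather than code from the original page: it counts the certificates in the PEM file and verifies that each one is signed by the next. `openssl x509` writes out only the first certificate of its input, so a converted bundle can come back with a count of 1 and no intermediates. The function names `checkCertFile` and `issue` are this example's own, and the certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkCertFile returns how many certificates a PEM certFile holds and fails
// unless each is signed by the next one (leaf first, then its issuers).
func checkCertFile(certPEM []byte) (int, error) {
	var certs []*x509.Certificate
	for b, rest := pem.Decode(certPEM); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return len(certs), err
		}
		certs = append(certs, c)
	}
	for i := 0; i+1 < len(certs); i++ {
		if err := certs[i].CheckSignatureFrom(certs[i+1]); err != nil {
			return len(certs), fmt.Errorf("cert %d is not signed by cert %d: %w", i, i+1, err)
		}
	}
	return len(certs), nil
}

// issue makes a constructed demo certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, string) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	return t, key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	ca, caKey, caPEM := issue("constructed demo CA", nil, nil)
	_, _, leafPEM := issue("127.0.0.1", ca, caKey)
	fmt.Println(checkCertFile([]byte(leafPEM + caPEM))) // complete chain
	fmt.Println(checkCertFile([]byte(leafPEM)))         // leaf only: issuers were dropped
}
```

A count of 1 for a CA-issued certificate, or an error about an unsigned link, means the file does not match the leaf-then-issuers concatenation that the ListenAndServeTLS documentation describes.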