> using a self-signed certificate
> without the browser complaining that the certificate is invalid

By default, browsers trust certificates signed by Certificate Authorities (CAs) in the system cert store. CAs can get added if they pass certain requirements. Typically they will only sign certificates after you've demonstrated control over a domain name, either with a public HTTP or TLS server or with DNS records. Running in a private network, you could use the DNS option, but all certs issued this way will be logged publicly via Certificate Transparency.

If you have some control over the end (client) systems, you could instead add your own CAs to the system cert store. This will allow you to sign certificates for any address (domain or IP), at the cost of needing to distribute the CA certificates to all your systems.

ACME is the standard protocol to automate signing certificates by demonstrating control. If you run your own compatible CA within your private network, you can do this without leaking information to the public.

Unless you wish to distribute each self-signed certificate to every client, by definition they cannot be trusted by default.

- sean
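The private-CA option described in the message above, as an added Go example that is not part of the original post: a constructed CA signs a leaf for a DNS name or an IP, and the leaf is verified once by a client whose root pool contains the CA and once by a client whose pool does not. The names `check`, `issue`, `VerifyLeaf`, the CA subject and the RSA-2048 key choice are assumptions, and an empty `x509.CertPool` stands in for a system store that lacks the CA.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

func check(err error) { // abort the demo on a setup failure
	if err != nil {
		panic(err)
	}
}

// issue makes a key pair and signs tmpl with parent/parentKey; a nil parent self-signs (the CA).
func issue(tmpl, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// VerifyLeaf verifies a leaf for host as a client with the CA installed (withCA) and without it (withoutCA).
func VerifyLeaf(host string) (withCA, withoutCA error) {
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Private CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, NotBefore: from,
		NotAfter: to, DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if ip := net.ParseIP(host); ip != nil {
		leafT.DNSNames, leafT.IPAddresses = nil, []net.IP{ip} // IP SAN instead of DNS SAN
	}
	ca, caKey := issue(caT, nil, nil)
	leaf, _ := issue(leafT, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the step that distributing the CA certificate performs on each client
	_, withCA = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	_, withoutCA = leaf.Verify(x509.VerifyOptions{Roots: x509.NewCertPool(), DNSName: host})
	return withCA, withoutCA
}
```

Call `VerifyLeaf` from a `main` function or a test with a host such as `intranet.example.internal` or `10.0.0.5` (both constructed values).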