<p>Hi everybody!</p>
<p>I'm working on setting up a system that will generate a cert/key.pem pair for users upon registering with the system. I have an http.Server running with the "ListenAndServeTLS()" function, to handle these requests.</p>
<p>My confusion comes from the fact that 'ListenAndServeTLS()' requires 2 arguments: a certificate file, and a key file. So, this being said... how do I append certificates to the running server as they are generated? The goDocs page for this function states that the cert/key file arguments 'must' be included - so I get the impression that I cannot retroactively add certificates to it?</p>
<p>Any advice/suggestions or any other form of input is appreciated. Thank you :)</p>
<hr/>**Comments:**<br/><br/>
mwholt: <pre><p>You need to use the <a href="https://golang.org/pkg/crypto/tls/#Config" rel="nofollow">GetCertificate callback</a> of a tls.Config and manage your own certificate cache.</p></pre>
vietnq: <pre><p>You can just add cert to tls.Config and call ListenAndServeTLS with empty strings (<a href="https://golang.org/src/net/http/server.go?s=85702:85770#L2855" rel="nofollow">https://golang.org/src/net/http/server.go?s=85702:85770#L2855</a>). If server is already running, you need to implement GetCertificate like <a href="https://godoc.org/golang.org/x/crypto/acme/autocert#Manager.GetCertificate" rel="nofollow">https://godoc.org/golang.org/x/crypto/acme/autocert#Manager.GetCertificate</a></p></pre>
ArturusPendragon: <pre><p>Perfect! Thank you :)</p></pre>
DemandsBattletoads: <pre><p>You may need to write the keys to disk and restart the server. I'm not aware of any server out there that can do this live as it could cause all kinds of cryptographic race conditions.</p></pre>
jerf: <pre><p>The more I read your post, the less I understand what it is you are trying to do. What do the newly generated certificates have to do with your HTTPS server? You shouldn't be trying to change the certificate of the server after it is generated.</p></pre>