Package hvclient provides an interface to the GlobalSign Atlas Certificate Management API.
go get github.com/globalsign/hvclient
The cmd/hvclient
directory contains a command line interface utility.
Basic usage is straightforward:
-
Create a
Client
object -
Use it to make HVCA API calls.
Creating a Client
object requires:
-
An API key and API secret provided by GlobalSign during account set-up; and
-
A private key and a certificate to use for mutual TLS authentication with the HVCA server. The private key should be the one associated with the public key that was provided to GlobalSign during account set-up, and the certificate should be the one provided by GlobalSign along with the API key and API secret.
The Client
object may be created with either:
-
A configuration file, useful when the account credentials are located in files; or with
-
A
Config
object, useful when the account credentials are obtained programmatically from a secrets vault, from environment variables, or in some other manner.
An example configuration file:
{
"url": "https://emea.api.hvca.globalsign.com:8443/v2",
"api_key": "<your_api_key>",
"api_secret": "<your_api_secret>",
"cert_file": "testdata/mtls_cert.pem",
"key_file": "testdata/mtls_private_key.pem",
"key_passphrase": "strongpassword",
"insecure_skip_verify": false,
"extra_headers": [
"Header-Name-One": "value",
"Header-Name-Two": "value"
],
"timeout": 60
}
key_passphrase
must be provided if the mTLS private key is an encrypted PEM block as specified in RFC 1423.insecure_skip_verify
controls whether the client verifies the server's certificate chain and host name. If true, any certificate presented by the server and any host name in that certificate is accepted. In this mode, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. This should be used only for testing.extra_headers
are optional additional HTTP headers to include in the requests to the server.timeout
specifies a request timeout in seconds.