Package hvclient provides an interface to the GlobalSign Atlas Certificate Management API.
    go get github.com/globalsign/hvclient

The cmd/hvclient directory contains a command line interface utility.
Basic usage is straightforward:
- Create a Client object
- Use it to make HVCA API calls.
Creating a Client object requires:
- An API key and API secret provided by GlobalSign during account set-up; and
- A private key and a certificate to use for mutual TLS authentication with the HVCA server. The private key should be the one associated with the public key that was provided to GlobalSign during account set-up, and the certificate should be the one provided by GlobalSign along with the API key and API secret.
The Client object may be created with either:
- A configuration file, useful when the account credentials are located in files; or with
- A Config object, useful when the account credentials are obtained programmatically from a secrets vault, from environment variables, or in some other manner.
An example configuration file:
    {
        "url": "https://emea.api.hvca.globalsign.com:8443/v2",
        "api_key": "<your_api_key>",
        "api_secret": "<your_api_secret>",
        "cert_file": "testdata/mtls_cert.pem",
        "key_file": "testdata/mtls_private_key.pem",
        "key_passphrase": "strongpassword",
        "insecure_skip_verify": false,
        "extra_headers": {
            "Header-Name-One": "value",
            "Header-Name-Two": "value"
        },
        "timeout": 60
    }
key_passphrase must be provided if the mTLS private key is an encrypted PEM block as specified in RFC 1423.
insecure_skip_verify controls whether the client verifies the server's certificate chain and host name. If true, any certificate presented by the server and any host name in that certificate is accepted. In this mode, TLS is susceptible to machine-in-the-middle attacks unless custom verification is used. This should be used only for testing.
extra_headers are optional additional HTTP headers to include in the requests to the server.
timeout specifies a request timeout in seconds.
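
A pre-deployment check for the configuration file format described above, written as an added example (it is not part of hvclient). The fileConfig type and AuditConfig function are hypothetical names, the sample input is constructed, and the check assumes the only valid keys are the ones shown in the example file.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/url"
)

// fileConfig mirrors the example file's keys (hypothetical type, not hvclient's Config).
type fileConfig struct {
	URL                string            `json:"url"`
	APIKey             string            `json:"api_key"`
	APISecret          string            `json:"api_secret"`
	CertFile           string            `json:"cert_file"`
	KeyFile            string            `json:"key_file"`
	KeyPassphrase      string            `json:"key_passphrase"`
	InsecureSkipVerify bool              `json:"insecure_skip_verify"`
	ExtraHeaders       map[string]string `json:"extra_headers"`
	Timeout            int               `json:"timeout"`
}

// AuditConfig returns one finding per risky or missing setting. Assumption: a key
// not shown in the example is a typo, so it is rejected instead of silently ignored.
func AuditConfig(data []byte) ([]string, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var c fileConfig
	if err := dec.Decode(&c); err != nil {
		return nil, fmt.Errorf("invalid configuration: %w", err)
	}
	var findings []string
	if u, err := url.Parse(c.URL); err != nil || u.Scheme != "https" || u.Host == "" {
		findings = append(findings, "url: not an absolute https URL")
	}
	if c.InsecureSkipVerify {
		findings = append(findings, "insecure_skip_verify: server certificate chain and host name are not verified")
	}
	required := [][2]string{{"api_key", c.APIKey}, {"api_secret", c.APISecret}, {"cert_file", c.CertFile}, {"key_file", c.KeyFile}}
	for _, r := range required {
		if r[1] == "" {
			findings = append(findings, r[0]+": required but empty")
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample: the test-only setting was left enabled.
	fmt.Println(AuditConfig([]byte(`{"url": "https://hvca.example.test/v2", "api_key": "k", "api_secret": "s", "cert_file": "c.pem", "key_file": "k.pem", "insecure_skip_verify": true}`)))
}
```

Running the check in CI before a configuration file is shipped catches a misspelled insecure_skip_verify key or a value of true that was left over from testing.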