qmilangowin · October 20, 2022 07:30 · Apr 4, 2018 · Nov 30, 2017 · Apr 15, 2017 · Mar 18, 2017
diff --git a/golang-tls.md b/golang-tls.md
@@ -1,4 +1,4 @@
-### Moved to git repository: https://github.com/denji/golang-tls
+# Moved to git repository: https://github.com/denji/golang-tls
 
 ##### Generate private key (.key)
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -196,15 +196,15 @@ func main() {
 #### Generation of self-sign a certificate with a private (`.key`) and public key (PEM-encodings `.pem`|`.crt`) in one command:
 
 ```sh
-# RSA recommendation key ≥ 2048-bit
+# ECDSA recommendation key ≥ secp384r1
+# List ECDSA the supported curves (openssl ecparam -list_curves)
 openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
 # openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.ecdsa.key -out server.ecdsa.crt -days 3650
 # -pkeyopt ec_paramgen_curve:… / ec:<(openssl ecparam -name …) / -newkey ec:…
 ln -sf server.ecdsa.key server.key
 ln -sf server.ecdsa.crt server.crt
 
-# ECDSA recommendation key ≥ secp384r1
-# List ECDSA the supported curves (openssl ecparam -list_curves)
+# RSA recommendation key ≥ 2048-bit
 openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
 ln -sf server.rsa.key server.key
 ln -sf server.rsa.crt server.crt

diff --git a/golang-tls.md b/golang-tls.md
@@ -231,14 +231,17 @@ ECDSA & RSA — FAQ
 
 CA Bundle Path
 ---
-* `/etc/pki/tls/certs/ca-bundle.crt` — `Fedora`, `RHEL`, `CentOS` (`ca-certificates` package)
-* `/etc/ssl/certs/ca-certificates.crt` — `Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (`ca-certificates` package)
-* `/etc/ssl/ca-bundle.pem` — `SUSE`, `openSUSE` (`ca-certificates` package)
-* `/usr/local/share/certs/ca-root-nss.crt` — `FreeBSD` (`ca_root_nss` package)
-* `/usr/ssl/certs/ca-bundle.crt` — `Cygwin`
-* `/opt/local/share/curl/curl-ca-bundle.crt` — `macOS macports` (`curl-ca-bundle` package)
-* `/usr/local/share/curl/curl-ca-bundle.crt` — Default cURL CA bunde path (without `--with-ca-bundle` option)
-* `/usr/share/ssl/certs/ca-bundle.crt` — `Really old RedHat?`
+
+| Distro                                                       	| Package         	| Path to CA                               	|
+|--------------------------------------------------------------	|-----------------	|------------------------------------------	|
+| Fedora, RHEL, CentOS                                         	| ca-certificates 	| /etc/pki/tls/certs/ca-bundle.crt         	|
+| Debian, Ubuntu, Gentoo, Arch Linux                           	| ca-certificates 	| /etc/ssl/certs/ca-certificates.crt       	|
+| SUSE, openSUSE                                               	| ca-certificates 	| /etc/ssl/ca-bundle.pem                   	|
+| FreeBSD                                                      	| ca_root_nss     	| /usr/local/share/certs/ca-root-nss.crt   	|
+| Cygwin                                                       	| -               	| /usr/ssl/certs/ca-bundle.crt             	|
+| macOS (MacPorts)                                             	| curl-ca-bundle  	| /opt/local/share/curl/curl-ca-bundle.crt 	|
+| Default cURL CA bunde path (without --with-ca-bundle option) 	|                 	| /usr/local/share/curl/curl-ca-bundle.crt 	|
+| Really old RedHat?                                           	|                 	| /usr/share/ssl/certs/ca-bundle.crt       	|
 
 Reference Link
 ---

diff --git a/golang-tls.md b/golang-tls.md
@@ -1,3 +1,5 @@
+### Moved to git repository: https://github.com/denji/golang-tls
+
 ##### Generate private key (.key)
 
 ```sh

diff --git a/golang-tls.md b/golang-tls.md
@@ -255,7 +255,7 @@ Reference Link
 * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
 * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
-* [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
+* __[XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)__
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
 * https://github.com/bifurcation/mint — minimal TLS 1.3 Implementation in Go
 * https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3

diff --git a/golang-tls.md b/golang-tls.md
@@ -210,7 +210,7 @@ ln -sf server.rsa.crt server.crt
 
 * `.crt` — Alternate synonymous most common among *nix systems `.pem` (pubkey).
 * `.csr` — Certficate Signing Requests (synonymous most common among *nix systems).
-* `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`.
+* `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`).
 * `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line. These files may also bear the `cer` or the `crt` extension.
 * `.der` — The DER extension is used for binary DER encoded certificates.
 
@@ -240,10 +240,10 @@ CA Bundle Path
 
 Reference Link
 ---
-* [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
+* ~~[Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://web.archive.org/web/20160520182043/https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)~~
 * [OpenSSL without prompt – `superuser.com` (Stack Exchange)](http://superuser.com/a/226229/205366)
 * [TLS server and client — `gist.github.com/spikebike`](https://gist.github.com/spikebike/2232102)
-* [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
+* ~~[Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)~~
 * https://kjur.github.io/jsrsasign/sample-ecdsa.html
 * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
 * https://www.openssl.org/docs/manmaster/

diff --git a/golang-tls.md b/golang-tls.md
@@ -257,13 +257,13 @@ Reference Link
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
-* https://github.com/bifurcation/mint — A Minimal TLS 1.3 Implementation in Go
+* https://github.com/bifurcation/mint — minimal TLS 1.3 Implementation in Go
 * https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3
 * https://github.com/Xeoncross/secureserver
 * https://github.com/cloudflare/cfssl
 * https://github.com/google/certificate-transparency
 * https://cipherli.st/
-* https://github.com/cmrunton/tls-dashboard
+* https://github.com/cmrunton/tls-dashboard — dashboard written in JavaScript & HTML to check the remaining time before a TLS certificate expires.
 * https://github.com/tomato42/tlsfuzzer
 * https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
 * https://dev.ssllabs.com/ssltest/

diff --git a/golang-tls.md b/golang-tls.md
@@ -258,6 +258,7 @@ Reference Link
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
 * https://github.com/bifurcation/mint — A Minimal TLS 1.3 Implementation in Go
+* https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3
 * https://github.com/Xeoncross/secureserver
 * https://github.com/cloudflare/cfssl
 * https://github.com/google/certificate-transparency

diff --git a/golang-tls.md b/golang-tls.md
@@ -257,14 +257,17 @@ Reference Link
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
+* https://github.com/bifurcation/mint — A Minimal TLS 1.3 Implementation in Go
 * https://github.com/Xeoncross/secureserver
 * https://github.com/cloudflare/cfssl
 * https://github.com/google/certificate-transparency
 * https://cipherli.st/
+* https://github.com/cmrunton/tls-dashboard
+* https://github.com/tomato42/tlsfuzzer
 * https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
 * https://dev.ssllabs.com/ssltest/
 * https://indieweb.org/HTTPS
-* https://shaaaaaaaaaaaaa.com/
+* https://github.com/konklone/shaaaaaaaaaaaaa (https://shaaaaaaaaaaaaa.com/)
 * https://securityheaders.io/
 * https://testssl.sh/
 * https://github.com/nabla-c0d3/sslyze

diff --git a/golang-tls.md b/golang-tls.md
@@ -258,8 +258,10 @@ Reference Link
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
 * https://github.com/Xeoncross/secureserver
+* https://github.com/cloudflare/cfssl
+* https://github.com/google/certificate-transparency
 * https://cipherli.st/
-* https://observatory.mozilla.org/
+* https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
 * https://dev.ssllabs.com/ssltest/
 * https://indieweb.org/HTTPS
 * https://shaaaaaaaaaaaaa.com/

diff --git a/golang-tls.md b/golang-tls.md
@@ -265,4 +265,11 @@ Reference Link
 * https://shaaaaaaaaaaaaa.com/
 * https://securityheaders.io/
 * https://testssl.sh/
+* https://github.com/nabla-c0d3/sslyze
+* https://github.com/iSECPartners/sslyze
+* https://github.com/mozilla/cipherscan
+* https://github.com/ssllabs/ssllabs-scan
+* https://github.com/chromium/badssl.com (https://badssl.com)
+* https://github.com/datatheorem/TrustKit
+* https://github.com/certifi/gocertifi
 * …
diff --git a/golang-tls.md b/golang-tls.md
@@ -262,3 +262,7 @@ Reference Link
 * https://observatory.mozilla.org/
 * https://dev.ssllabs.com/ssltest/
 * https://indieweb.org/HTTPS
+* https://shaaaaaaaaaaaaa.com/
+* https://securityheaders.io/
+* https://testssl.sh/
+* …
diff --git a/golang-tls.md b/golang-tls.md
@@ -261,3 +261,4 @@ Reference Link
 * https://cipherli.st/
 * https://observatory.mozilla.org/
 * https://dev.ssllabs.com/ssltest/
+* https://indieweb.org/HTTPS
diff --git a/golang-tls.md b/golang-tls.md
@@ -259,3 +259,5 @@ Reference Link
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
 * https://github.com/Xeoncross/secureserver
 * https://cipherli.st/
+* https://observatory.mozilla.org/
+* https://dev.ssllabs.com/ssltest/
diff --git a/golang-tls.md b/golang-tls.md
@@ -258,3 +258,4 @@ Reference Link
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
 * https://github.com/Xeoncross/secureserver
+* https://cipherli.st/
diff --git a/golang-tls.md b/golang-tls.md
@@ -257,3 +257,4 @@ Reference Link
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
 * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
+* https://github.com/Xeoncross/secureserver
diff --git a/golang-tls.md b/golang-tls.md
@@ -256,3 +256,4 @@ Reference Link
 * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
 * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
+* Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options 
diff --git a/golang-tls.md b/golang-tls.md
@@ -9,8 +9,6 @@ openssl genrsa -out server.key 2048
 openssl ecparam -genkey -name secp384r1 -out server.key
 ```
 
-> OpenSSL 1.0.2+ support RSA/ECC - Dual Mode
-
 ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh

diff --git a/golang-tls.md b/golang-tls.md
@@ -9,6 +9,8 @@ openssl genrsa -out server.key 2048
 openssl ecparam -genkey -name secp384r1 -out server.key
 ```
 
+> OpenSSL 1.0.2+ support RSA/ECC - Dual Mode
+
 ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh

diff --git a/golang-tls.md b/golang-tls.md
@@ -255,3 +255,4 @@ Reference Link
 * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
 * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
 * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
+* [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
diff --git a/golang-tls.md b/golang-tls.md
@@ -208,9 +208,11 @@ ln -sf server.rsa.key server.key
 ln -sf server.rsa.crt server.crt
 ```
 
-* `.crt` (synonymous most common among *nix systems)
+* `.crt` — Alternate synonymous most common among *nix systems `.pem` (pubkey).
+* `.csr` — Certficate Signing Requests (synonymous most common among *nix systems).
+* `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`.
+* `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line. These files may also bear the `cer` or the `crt` extension.
 * `.der` — The DER extension is used for binary DER encoded certificates.
-* `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
 
 #### Generating the Certficate Signing Request
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -12,7 +12,7 @@ openssl ecparam -genkey -name secp384r1 -out server.key
 ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh
-openssl req -new -x509 -sha256 -key server.key -out server.csr -days 3650
+openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
 ```
 
 ---

diff --git a/golang-tls.md b/golang-tls.md
@@ -3,7 +3,7 @@
 ```sh
 # Key considerations for algorithm "RSA" ≥ 2048-bit
 openssl genrsa -out server.key 2048
-    
+
 # Key considerations for algorithm "ECDSA" ≥ secp384r1
 # List ECDSA the supported curves (openssl ecparam -list_curves)
 openssl ecparam -genkey -name secp384r1 -out server.key
@@ -12,7 +12,7 @@ openssl ecparam -genkey -name secp384r1 -out server.key
 ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)
 
 ```sh
-openssl req -new -x509 -sha256 -key server.key -out server.pem -days 3650
+openssl req -new -x509 -sha256 -key server.key -out server.csr -days 3650
 ```
 
 ---
@@ -159,35 +159,35 @@ func main() {
 package main
 
 import (
-	"crypto/tls"
-	"log"
-	"net/http"
+    "crypto/tls"
+    "log"
+    "net/http"
 )
 
 func main() {
-	mux := http.NewServeMux()
-	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-		w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
-		w.Write([]byte("This is an example server.\n"))
-	})
-	cfg := &tls.Config{
-		MinVersion:               tls.VersionTLS12,
-		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
-		PreferServerCipherSuites: true,
-		CipherSuites: []uint16{
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-		},
-	}
-	srv := &http.Server{
-		Addr:         ":443",
-		Handler:      mux,
-		TLSConfig:    cfg,
-		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
-	}
-	log.Fatal(srv.ListenAndServeTLS("tls.crt", "tls.key"))
+    mux := http.NewServeMux()
+    mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+        w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+        w.Write([]byte("This is an example server.\n"))
+    })
+    cfg := &tls.Config{
+        MinVersion:               tls.VersionTLS12,
+        CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+        PreferServerCipherSuites: true,
+        CipherSuites: []uint16{
+            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+            tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+        },
+    }
+    srv := &http.Server{
+        Addr:         ":443",
+        Handler:      mux,
+        TLSConfig:    cfg,
+        TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
+    }
+    log.Fatal(srv.ListenAndServeTLS("tls.crt", "tls.key"))
 }
 ```
 
@@ -200,17 +200,17 @@ openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out serv
 # -pkeyopt ec_paramgen_curve:… / ec:<(openssl ecparam -name …) / -newkey ec:…
 ln -sf server.ecdsa.key server.key
 ln -sf server.ecdsa.crt server.crt
-	
+
 # ECDSA recommendation key ≥ secp384r1
 # List ECDSA the supported curves (openssl ecparam -list_curves)
 openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
 ln -sf server.rsa.key server.key
 ln -sf server.rsa.crt server.crt
 ```
 
-`.crt` (synonymous most common among *nix systems)  
-`.der` — The DER extension is used for binary DER encoded certificates.  
-`.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
+* `.crt` (synonymous most common among *nix systems)
+* `.der` — The DER extension is used for binary DER encoded certificates.
+* `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
 
 #### Generating the Certficate Signing Request
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -227,12 +227,12 @@ ECDSA & RSA — FAQ
 
 CA Bundle Path
 ---
-* `/etc/pki/tls/certs/ca-bundle.crt` — `Fedora`, `RHEL`, `CentOS` (ca-certificates package)
-* `/etc/ssl/certs/ca-certificates.crt` — `Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (ca-certificates package)
-* `/etc/ssl/ca-bundle.pem` — `SUSE`, `openSUSE` (ca-certificates package)
-* `/usr/local/share/certs/ca-root-nss.crt` — `FreeBSD` (ca_root_nss_package)
+* `/etc/pki/tls/certs/ca-bundle.crt` — `Fedora`, `RHEL`, `CentOS` (`ca-certificates` package)
+* `/etc/ssl/certs/ca-certificates.crt` — `Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (`ca-certificates` package)
+* `/etc/ssl/ca-bundle.pem` — `SUSE`, `openSUSE` (`ca-certificates` package)
+* `/usr/local/share/certs/ca-root-nss.crt` — `FreeBSD` (`ca_root_nss` package)
 * `/usr/ssl/certs/ca-bundle.crt` — `Cygwin`
-* `/opt/local/share/curl/curl-ca-bundle.crt` — `macOS macports`, `curl-ca-bundle` package
+* `/opt/local/share/curl/curl-ca-bundle.crt` — `macOS macports` (`curl-ca-bundle` package)
 * `/usr/local/share/curl/curl-ca-bundle.crt` — Default cURL CA bunde path (without `--with-ca-bundle` option)
 * `/usr/share/ssl/certs/ca-bundle.crt` — `Really old RedHat?`
 

diff --git a/golang-tls.md b/golang-tls.md
@@ -225,6 +225,17 @@ ECDSA & RSA — FAQ
 * Conversion form to compressed "ECDSA" `-conv_form compressed`
 * "EC" parameters and a private key `-genkey`
 
+CA Bundle Path
+---
+* `/etc/pki/tls/certs/ca-bundle.crt` — `Fedora`, `RHEL`, `CentOS` (ca-certificates package)
+* `/etc/ssl/certs/ca-certificates.crt` — `Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (ca-certificates package)
+* `/etc/ssl/ca-bundle.pem` — `SUSE`, `openSUSE` (ca-certificates package)
+* `/usr/local/share/certs/ca-root-nss.crt` — `FreeBSD` (ca_root_nss_package)
+* `/usr/ssl/certs/ca-bundle.crt` — `Cygwin`
+* `/opt/local/share/curl/curl-ca-bundle.crt` — `macOS macports`, `curl-ca-bundle` package
+* `/usr/local/share/curl/curl-ca-bundle.crt` — Default cURL CA bunde path (without `--with-ca-bundle` option)
+* `/usr/share/ssl/certs/ca-bundle.crt` — `Really old RedHat?`
+
 Reference Link
 ---
 * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)

diff --git a/golang-tls.md b/golang-tls.md
@@ -125,9 +125,9 @@ import (
 func main() {
     log.SetFlags(log.Lshortfile)
 
-    // conf := &tls.Config{
-    //     InsecureSkipVerify: true,
-    // }
+    conf := &tls.Config{
+         //InsecureSkipVerify: true,
+    }
 
     conn, err := tls.Dial("tcp", "127.0.0.1:443", conf)
     if err != nil {

diff --git a/golang-tls.md b/golang-tls.md
@@ -125,9 +125,9 @@ import (
 func main() {
     log.SetFlags(log.Lshortfile)
 
-    conf := &tls.Config{
-        InsecureSkipVerify: true,
-    }
+    // conf := &tls.Config{
+    //     InsecureSkipVerify: true,
+    // }
 
     conn, err := tls.Dial("tcp", "127.0.0.1:443", conf)
     if err != nil {

diff --git a/golang-tls.md b/golang-tls.md
@@ -233,9 +233,10 @@ Reference Link
 * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
 * https://kjur.github.io/jsrsasign/sample-ecdsa.html
 * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
-* https://www.openssl.org/docs/manmaster/man1/ecparam.html
-* https://www.openssl.org/docs/manmaster/man1/ec.html
-* https://www.openssl.org/docs/manmaster/man1/req.html
+* https://www.openssl.org/docs/manmaster/
+ * https://www.openssl.org/docs/manmaster/man1/ecparam.html
+ * https://www.openssl.org/docs/manmaster/man1/ec.html
+ * https://www.openssl.org/docs/manmaster/man1/req.html
 * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
 * [HTTPS and Go – `kaihag.com`](http://www.kaihag.com/https-and-go/)
 * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)

diff --git a/golang-tls.md b/golang-tls.md
@@ -233,9 +233,9 @@ Reference Link
 * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
 * https://kjur.github.io/jsrsasign/sample-ecdsa.html
 * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
-* https://www.openssl.org/docs/manmaster/apps/ecparam.html
-* https://www.openssl.org/docs/manmaster/apps/ec.html
-* https://www.openssl.org/docs/manmaster/apps/req.html
+* https://www.openssl.org/docs/manmaster/man1/ecparam.html
+* https://www.openssl.org/docs/manmaster/man1/ec.html
+* https://www.openssl.org/docs/manmaster/man1/req.html
 * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
 * [HTTPS and Go – `kaihag.com`](http://www.kaihag.com/https-and-go/)
 * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)

diff --git a/golang-tls.md b/golang-tls.md
@@ -48,7 +48,7 @@ func main() {
 Hint: visit, please do not forget to use https begins,otherwise chrome will download a file as follows:
 
 ```bash
-dotcoo-air:tls dotcoo$ cat ~/Downloads/hello | xxd
+$ curl -sL https://localhost:443 | xxd
 0000000: 1503 0100 0202 0a                        .......
 ```
No results found