"github.com/minio/minio-go/v7/pkg/set"
)

var serverPort uint32 = 60000

var getCert = func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	certificate, err := getTLSCert()
	if err != nil {
		return nil, err
	}
	return &certificate, nil
}

func getTLSCert() (tls.Certificate, error) {
	keyPEMBlock := []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEApEkbPrT6wzcWK1W5atQiGptvuBsRdf8MCg4u6SN10QbslA5k

        .build()

    client.newCall(request).execute().use { response ->
      if (!response.isSuccessful) throw IOException("Unexpected code $response")

      for (certificate in response.handshake!!.peerCertificates) {
        println(CertificatePinner.pin(certificate))
      }
    }
  }
}

fun main() {
  CertificatePinning().run()

import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;

/**
 * Create an HTTPS server with a self-signed certificate that OkHttp trusts.
 */
public class HttpsServer {
  public void run() throws Exception {
    HeldCertificate localhostCertificate = new HeldCertificate.Builder()
        .addSubjectAlternativeName("localhost")

Il est intégré à Let's Encrypt. Ainsi, il peut gérer toutes les parties HTTPS, y compris l'acquisition et le renouvellement des certificats.

Il est également intégré à Docker. Ainsi, vous pouvez déclarer vos domaines dans les configurations de chaque application et faire en sorte qu'elles lisent ces configurations, génèrent les certificats HTTPS et servent via HTTPS à votre application automatiquement, sans nécessiter aucune modification de leurs configurations.

        try (InputStream in = new FileInputStream(filename)) {
            Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);

            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("server", certificate);

However, further setup is required to run tests or programs directly on a device.

First make sure you have a valid developer certificate and have setup your device properly
to run apps signed by your developer certificate. Then install the libimobiledevice and
ideviceinstaller tools from https://www.libimobiledevice.org/. Use the HEAD versions from

			CipherSuites:             crypto.TLSCiphersBackwardCompatible(),
			CurvePreferences:         crypto.TLSCurveIDs(),
		}
		// This is only to support client side certificate authentication
		// https://coreos.com/etcd/docs/latest/op-guide/security.html
		etcdClientCertFile := env.Get(EnvEtcdClientCert, kvs.Get(ClientCert))
		etcdClientCertKey := env.Get(EnvEtcdClientCertKey, kvs.Get(ClientCertKey))

        .build()
    val handshakeCertificates =
      HandshakeCertificates
        .Builder()
        .heldCertificate(heldCertificate)
        .addTrustedCertificate(heldCertificate.certificate)
        .build()
    server.useHttps(handshakeCertificates.sslSocketFactory())

    val dns =
      Dns {
        Dns.SYSTEM.lookup(server.hostName)
      }

    val client =

 * explicitly requested), this also includes that proxy information. For secure connections the
 * address also includes the SSL socket factory, hostname verifier, and certificate pinner.
 *
 * HTTP requests that share the same [Address] may also share the same [Connection].
 */
class Address(
  uriHost: String,
  uriPort: Int,

 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate

fun interface TrustRootIndex {
  /** Returns the trusted CA certificate that signed [cert]. */
  fun findByIssuerAndSignature(cert: X509Certificate): X509Certificate?