Proof of concept code to go with my OTS Certificate blog post

TLS certs for internal OTS hardware

Most off-the-shelf hardware devices use a web app as their primary user interface; however, most currently serve it either over plain HTTP or over HTTPS with a self-signed certificate, so users get no protection, or get trained to click through certificate warnings. This project offers a way for vendors to ship boxes which, on boot, pick up a valid certificate from Let's Encrypt, so their users can safely access them whatever network they are placed on.

This project is a proof-of-concept demo of the process I describe in my blog post TLS certs for internal OTS hardware.

There is also an accompanying post on how to get this project working - TLS certs for internal OTS hardware - Proof of Concept - but here is a summary for those who want to get started without having to read all about it.

To get started, you'll need:

  • A domain to issue certificates for.
  • A Cloudflare account and API key for the zone hosting that domain (the server creates DNS records through the Cloudflare API).
  • A working Go environment.

Clone the project:

go get -v

Build the server:

cd ~/go/src/
go get -v ./...
go build
cp ots-cert-server.cfg-template ots-cert-server.cfg

Edit the config file ots-cert-server.cfg with your chosen domain name and API details. This file holds your Cloudflare API key, so keep it out of version control and restrict its file permissions to the user running the server.

Start up the server:

INFO[0000] Starting the server
INFO[0000] No valid certificate found, going to create a new one 
INFO[0010] Creating DNS record
INFO[0011] Starting web server on:

Build the client:

cd ~/go/src/
go get -v ./...
go build
cp ots-cert-client.cfg-template ots-cert-client.cfg

Edit the config file ots-cert-client.cfg so it has the right address for the server you just started.

Run the client:

INFO[0000] The hostname is:
INFO[0010] The certificate was generated
INFO[0010] Setup complete, browse to

Browse to the client to check all is working:

Congratulations, you should be viewing this over HTTPS on your custom domain.
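As an added example (not the project's own code) of the check a device should perform at the point above where the client reports that its certificate was generated: derive the device's hostname, then verify that the certificate the server hands back is for that hostname, matches the private key the device holds, chains to a trusted root and is currently valid, before installing it for the web UI. The ots-<hash>.<domain> hostname scheme, the function names, the assumption that the device holds the private key, and the throw-away CA that stands in for Let's Encrypt are all assumptions of this example; with a real Let's Encrypt certificate you would pass nil as roots so the system root pool is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// DeviceHostname derives a stable hostname for a device from a per-device secret
// such as a serial number. The "ots-<hash>.<domain>" scheme is an assumption for
// this example, not the project's own naming.
func DeviceHostname(deviceSecret []byte, domain string) string {
	sum := sha256.Sum256(deviceSecret)
	return fmt.Sprintf("ots-%s.%s", hex.EncodeToString(sum[:8]), domain)
}

// ValidateIssuedCert is the check a device should run on a certificate handed to
// it by the server before installing it: key must match cert, cert must be for
// the device's own hostname, chain must validate against roots, now must be in range.
func ValidateIssuedCert(certPEM, keyPEM []byte, hostname string, roots *x509.CertPool, now time.Time) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // errors if key and cert do not match
	if err != nil {
		return fmt.Errorf("cert/key mismatch or parse error: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{
		DNSName:     hostname, // also enforces the SAN/hostname match
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	if err != nil {
		return fmt.Errorf("certificate not valid for %s: %w", hostname, err)
	}
	return nil
}

// IssueTestCert stands in for the Let's Encrypt issuance the real server performs:
// it creates a throw-away CA and signs a leaf for hostname so the check above can
// be exercised offline. Nothing here talks to Let's Encrypt or Cloudflare.
func IssueTestCert(hostname string, notBefore time.Time, ttl time.Duration) (certPEM, keyPEM []byte, roots *x509.CertPool, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: notBefore, NotAfter: notBefore.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	caCert, _ := x509.ParseCertificate(caDER) // DER produced just above; always parses
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: hostname},
		DNSNames: []string{hostname}, NotBefore: notBefore, NotAfter: notBefore.Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(leafKey)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	roots = x509.NewCertPool()
	roots.AddCert(caCert)
	return certPEM, keyPEM, roots, nil
}

func main() {
	host := DeviceHostname([]byte("serial-0001"), "example.com") // constructed device secret
	certPEM, keyPEM, roots, err := IssueTestCert(host, time.Now().Add(-time.Minute), 90*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(host, "own cert:", ValidateIssuedCert(certPEM, keyPEM, host, roots, time.Now()))
	fmt.Println("cert presented for other.example.com:", ValidateIssuedCert(certPEM, keyPEM, "other.example.com", roots, time.Now()))
}
```

This uses only the Go standard library, so `go run` works offline. A certificate for another hostname, one that has expired, one whose issuer is not in the trusted pool, or one paired with the wrong private key all come back as an error, which is the point: a device should refuse to install whatever it is handed unless every one of those checks passes.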