Get requested domain on TLS

How to get domain name if using tls go server listener with self signed certificate. If browser show notification about certificate and not add to exceptin only one request goes to server. Domain name is in net.Conn. to see it i use fmt.Println(conn) but how to get that name in variable as string?

This is the very first google result for ‘net tls connection self signed certificate’, and it has a few examples that might be good for you.

You need to add your self-signed certificate to the certificate store of the computer you are connecting from.

Problem is no to create TLS server but when servers runs get requested domain name. If use self signed certificate user can not accept, in that case only one request goes to server. I want to know what domain name was used for request.


  1. Client in browser open address
  2. Server receive request and respond with certificate (handshake)
  3. In LOG file write requested domain name
  4. Client not add to exception certificate and kclose browser;

I need step 3.

First of all be carefull with FQDN when you generate self signed certificate and put properly domain there. Second, do not use Chrome for self signed certificates. Chrome made some changes and is somehow hard to handle this kind of certificates. Instead you can use Firefox. If handshake works you can log or whatever.

Base idea is detect requested domain name if certificate do not match.

You can hook into the GetCertificate method of the TLS config:

tlsCfg := &tls.Config{
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			fmt.Println("client requested", hello.ServerName)
			return nil, errors.New("no certificate for you")

You will also need to actually provide a certificate in the cases where you have one that matches the requested name. If you have just one, you can always provide that.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.