猿问

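Go: How do I add an extension (subjectAltName) to an x509.Certificate?

I am creating a CA certificate. I want to add the subjectAltName extension with some values, such as an email address, a CRL, or the public certificate location.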


package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/asn1"
    "encoding/pem"
    "fmt"
    "math/big"
    "os"
    "time"
    //"net"
    //"strconv"
)

func main() {
    template := x509.Certificate{}
    template.Subject = pkix.Name{
        Organization:  []string{"domain.tld", "My Name"},
        StreetAddress: []string{"Whatever. 123"},
        PostalCode:    []string{"12345"},
        Province:      []string{"Redneckville"},
        Locality:      []string{"Woods"},
        Country:       []string{"US"},
        CommonName:    "CA domain my name",
    }

    template.NotBefore = time.Now()
    template.NotAfter = template.NotBefore.Add(87658 * time.Hour)
    template.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCRLSign
    template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
    template.IsCA = true
    template.BasicConstraintsValid = true
    extSubjectAltName := pkix.Extension{}
    extSubjectAltName.Id = asn1.ObjectIdentifier{2, 5, 29, 17}
    extSubjectAltName.Critical = false
    var e error
    extSubjectAltName.Value, e = asn1.Marshal([]string{`email:mail@domain.tld`, `URI:http://ca.domain.tld/`})
    if e != nil {
        fmt.Println(e.Error())
        return
    }


When I do it like this, the result is:


X509v3 extensions:
    X509v3 Key Usage: critical
        Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
    X509v3 Extended Key Usage: 
        TLS Web Client Authentication, TLS Web Server Authentication
    X509v3 Basic Constraints: critical
        CA:TRUE

But I would like something like:

    X509v3 Subject Alternative Name: 
        email:caoperator@disig.sk, URI:http://www.disig.sk/ca

How do I add the extension with these values?


I also tried Value: []byte(``email:my@email.com, URI:http://some.tld/uri``) < double "`" because of formatting


九州编程
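
An added example, not part of the original post or of any answer on the page: asn1.Marshal on a []string yields a sequence of plain strings, whereas subjectAltName holds GeneralNames, so this sketch hand-encodes the two names and attaches them through ExtraExtensions. The helper name caWithSAN, the Ed25519 key, the serial number and the subject are assumptions; setting the template's EmailAddresses and URIs fields makes crypto/x509 emit the same extension without manual ASN.1.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// caWithSAN (hypothetical helper) self-signs a throwaway CA certificate whose
// subjectAltName is hand-encoded as GeneralNames (RFC 5280), then parses it back.
func caWithSAN(email, uri string) (*x509.Certificate, error) {
	san, err := asn1.Marshal([]asn1.RawValue{
		{Class: asn1.ClassContextSpecific, Tag: 1, Bytes: []byte(email)}, // [1] rfc822Name
		{Class: asn1.ClassContextSpecific, Tag: 6, Bytes: []byte(uri)},   // [6] uniformResourceIdentifier
	})
	if err != nil {
		return nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed; use a random serial in practice
		Subject:      pkix.Name{CommonName: "Example CA (constructed)"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		IsCA:         true, BasicConstraintsValid: true,
		ExtraExtensions: []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 17}, Value: san}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := caWithSAN("mail@domain.tld", "http://ca.domain.tld/")
	if err != nil {
		panic(err)
	}
	fmt.Println(c.EmailAddresses, c.URIs)
}
```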