海绵宝宝撒
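通过这种方式找到了我的解决方案-

// Generate a 4096-bit RSA key pair using crypto/rand as the entropy source.
key, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
	return "", "", err
}

// PEM encoding of the private key (PKCS #1, not encrypted).
keyPEM := pem.EncodeToMemory(&pem.Block{
	Type:  "RSA PRIVATE KEY",
	Bytes: x509.MarshalPKCS1PrivateKey(key),
})
// NOTE: this prints the unencrypted private key to stdout, where it can end up
// in terminal scrollback, CI output or a log collector. Keep it for a demo
// only; otherwise write the key to a file readable only by its owner (0600).
fmt.Println(string(keyPEM))

// RFC 5280 requires a positive serial number that is unique per issuer. A
// fixed 0 collides across every certificate this code issues, so draw a
// random 128-bit value instead.
serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialLimit)
if err != nil {
	return "", "", err
}

// Validity window: from now for roughly ten years (365 days * 10). That is a
// long lifetime for a key that is also printed above; shorten it where the
// certificate can be re-issued easily.
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * 10 * time.Hour)

// Create the certificate template.
template := x509.Certificate{
	SerialNumber: serialNumber,
	Subject:      pkix.Name{CommonName: "localhost"},
	// Modern TLS clients, including Go's own verifier, match the host name
	// against the subjectAltName extension and ignore CommonName, so the
	// name has to be repeated here for the certificate to verify.
	DNSNames:           []string{"localhost"},
	SignatureAlgorithm: x509.SHA256WithRSA,
	NotBefore:          notBefore,
	NotAfter:           notAfter,
	// IsCA is left false, so this is an end-entity certificate that cannot
	// sign other certificates.
	BasicConstraintsValid: true,
	// NOTE(review): KeyAgreement and DataEncipherment are not needed for an
	// RSA key used for TLS; DigitalSignature | KeyEncipherment is the usual
	// minimum. Likewise drop ClientAuth below if the certificate is only
	// ever presented by a server.
	KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment,
	ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}

// Create the certificate from the template. The template is passed as both
// subject and issuer, so the result is self-signed with the key generated
// above; clients must be configured to trust it explicitly.
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
	return "", "", err
}

// PEM encoding of the certificate.
certPem := string(pem.EncodeToMemory(&pem.Block{
	Type:  "CERTIFICATE",
	Bytes: derBytes,
}))
fmt.Println(certPem)
// … the enclosing function's signature and its final return are not shown on the page …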
慕莱坞森
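您可能会考虑cloudflare/cfssl,其中包括一个cfssl.initca包,如下所示:

// Excerpt that builds a CA certificate request and passes it to New. The
// names validKeyParams, validCAConfigs, New and t are defined outside the
// excerpt; t.Fatal suggests it comes from a test function (assumption).
var req *csr.CertificateRequest
hostname := "cloudflare.com"
crl := "http://crl.cloudflare.com/655c6a9b-01c6-4eea-bf21-be690cc315e0.crl" //cert_uuid.crl

// Exercise every combination of key parameters and CA configuration.
for _, param := range validKeyParams {
	for _, caconfig := range validCAConfigs {
		req = &csr.CertificateRequest{
			Names: []csr.Name{
				{
					C:  "US",
					ST: "California",
					L:  "San Francisco",
					O:  "CloudFlare",
					OU: "Systems Engineering",
				},
			},
			CN:         hostname,
			Hosts:      []string{hostname, "www." + hostname},
			KeyRequest: &param,
			CA:         &caconfig,
			CRL:        crl,
		}
		// The second return value is discarded. keyBytes is presumably the
		// new CA's private key (verify against the package docs); treat it
		// as a secret and never log it.
		certBytes, _, keyBytes, err := New(req)
		if err != nil {
			t.Fatal("InitCA failed:", err)
		}
		// … the excerpt ends here on the page; the rest of the loop body and the closing braces are not shown …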