加载证书,使其成为*x509.Certificate(能够签署其他证书)。

huangapple go评论81阅读模式
英文:

Go: Load certificate so it becomes a *x509.Certificate (that is able to sign other certificates)

问题

我在golang-nuts上提问了,但没有得到回复。

https://groups.google.com/forum/#!topic/golang-nuts/EhlpMiMAPSM

我认为复制邮件正文没有太多意义,因为我不认为Google groups或链接会改变,第一封邮件的正文应该足够了。

我有一个使用x509包生成的证书,一个由另一个使用x509包生成的CA证书签名的CA证书。
一次性完成。

打开输出文件
使用x509.CreateCertificate()创建DER格式
使用pem.Encode()编码为PEM格式

CA证书有效,也已导入到各种浏览器中没有问题

openssl -text也报告可解析

我尝试了tls.LoadX509KeyPair()

func LoadX509KeyPair(certFile, keyFile string) (*x509.Certificate, *rsa.PrivateKey) {
    cf, e := ioutil.ReadFile(certFile)
    if e != nil {
        fmt.Println("cfload:", e.Error())
        os.Exit(1)
    }

    kf, e := ioutil.ReadFile(keyFile)
    if e != nil {
        fmt.Println("kfload:", e.Error())
        os.Exit(1)
    }
    cpb, cr := pem.Decode(cf)
    fmt.Println(string(cr))
    kpb, kr := pem.Decode(kf)
    fmt.Println(string(kr))
    crt, e := x509.ParseCertificate(cpb.Bytes)

    if e != nil {
        fmt.Println("parsex509:", e.Error())
        os.Exit(1)
    }
    key, e := x509.ParsePKCS1PrivateKey(kpb.Bytes)
    if e != nil {
        fmt.Println("parsekey:", e.Error())
        os.Exit(1)
    }
    return crt, key
}

然而,

parsex509: asn1: syntax error: data truncated
exit status 1

我如何加载证书以便将其作为*x509.Certificate类型用于签署其他证书?

我可能漏掉了一些明显的东西,但是是什么呢?

英文:

I've asked in golang-nuts but no response

https://groups.google.com/forum/#!topic/golang-nuts/EhlpMiMAPSM

I don't think duplicating the mail bodies would make much sense, since I don't believe Google groups or the link will change, the first email's body should suffice.

I have a certificate that was generated with the x509 package, a CA certificate that was signed by another CA certificate that was also generated with the x509 package.
All in 1 go.

open out file
create der with x509.CreateCertificate()
marshall pem with pem.Encode()

the CA certs are valid, also imported in various browsers without complaint

openssl -text also reports parsable

I tried tls.LoadX509KeyPair()
and

func LoadX509KeyPair(certFile, keyFile string) (*x509.Certificate, *rsa.PrivateKey) {
    cf, e := ioutil.ReadFile(certFile)
    if e != nil {
        fmt.Println("cfload:", e.Error())
        os.Exit(1)
    }

    kf, e := ioutil.ReadFile(keyFile)
    if e != nil {
        fmt.Println("kfload:", e.Error())
        os.Exit(1)
    }
    cpb, cr := pem.Decode(cf)
    fmt.Println(string(cr))
    kpb, kr := pem.Decode(kf)
    fmt.Println(string(kr))
    crt, e := x509.ParseCertificate(cpb.Bytes)

    if e != nil {
        fmt.Println("parsex509:", e.Error())
        os.Exit(1)
    }
    key, e := x509.ParsePKCS1PrivateKey(kpb.Bytes)
    if e != nil {
        fmt.Println("parsekey:", e.Error())
        os.Exit(1)
    }
    return crt, key
}

however,

parsex509: asn1: syntax error: data truncated
exit status 1

How do I load a certificate so I can use it to sign other certificates as a *x509.Certificate type?

There's probably something obvious I'm missing, but what is it?

答案1

得分: 4

答案是:问题中提到的方法是正确的方法。

问题或错误仍然存在于证书的创建过程中,因此在“如何加载证书”的范围内,问题已经得到了回答。

英文:

The answer is: The way it's done in the question is the correct way.

The problem or bug remains in the certificate creation, so in the scope of the question "how to load a certificate" the question is answered.

huangapple
  • 本文由 发表于 2014年10月20日 08:02:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/26456775.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定