英文:
Go: Load certificate so it becomes a *x509.Certificate (that is able to sign other certificates)
问题
我在golang-nuts上提问了,但没有得到回复。
https://groups.google.com/forum/#!topic/golang-nuts/EhlpMiMAPSM
我认为复制邮件正文没有太多意义,因为我不认为Google groups或链接会改变,第一封邮件的正文应该足够了。
我有一个使用x509包生成的证书,一个由另一个使用x509包生成的CA证书签名的CA证书。
一次性完成。
打开输出文件
使用x509.CreateCertificate()创建DER格式
使用pem.Encode()编码为PEM格式
CA证书有效,也已导入到各种浏览器中没有问题
openssl -text也报告可解析
我尝试了tls.LoadX509KeyPair()
和
func LoadX509KeyPair(certFile, keyFile string) (*x509.Certificate, *rsa.PrivateKey) {
cf, e := ioutil.ReadFile(certFile)
if e != nil {
fmt.Println("cfload:", e.Error())
os.Exit(1)
}
kf, e := ioutil.ReadFile(keyFile)
if e != nil {
fmt.Println("kfload:", e.Error())
os.Exit(1)
}
cpb, cr := pem.Decode(cf)
fmt.Println(string(cr))
kpb, kr := pem.Decode(kf)
fmt.Println(string(kr))
crt, e := x509.ParseCertificate(cpb.Bytes)
if e != nil {
fmt.Println("parsex509:", e.Error())
os.Exit(1)
}
key, e := x509.ParsePKCS1PrivateKey(kpb.Bytes)
if e != nil {
fmt.Println("parsekey:", e.Error())
os.Exit(1)
}
return crt, key
}
然而,
parsex509: asn1: syntax error: data truncated
exit status 1
我如何加载证书以便将其作为*x509.Certificate类型用于签署其他证书?
我可能漏掉了一些明显的东西,但是是什么呢?
英文:
I've asked in golang-nuts but no response
https://groups.google.com/forum/#!topic/golang-nuts/EhlpMiMAPSM
I don't think duplicating the mail bodies would make much sense, since I don't believe Google groups or the link will change, the first email's body should suffice.
I have a certificate that was generated with the x509 package, a CA certificate that was signed by another CA certificate that was also generated with the x509 package.
All in 1 go.
open out file
create der with x509.CreateCertificate()
marshall pem with pem.Encode()
the CA certs are valid, also imported in various browsers without complaint
openssl -text also reports parsable
I tried tls.LoadX509KeyPair()
and
func LoadX509KeyPair(certFile, keyFile string) (*x509.Certificate, *rsa.PrivateKey) {
cf, e := ioutil.ReadFile(certFile)
if e != nil {
fmt.Println("cfload:", e.Error())
os.Exit(1)
}
kf, e := ioutil.ReadFile(keyFile)
if e != nil {
fmt.Println("kfload:", e.Error())
os.Exit(1)
}
cpb, cr := pem.Decode(cf)
fmt.Println(string(cr))
kpb, kr := pem.Decode(kf)
fmt.Println(string(kr))
crt, e := x509.ParseCertificate(cpb.Bytes)
if e != nil {
fmt.Println("parsex509:", e.Error())
os.Exit(1)
}
key, e := x509.ParsePKCS1PrivateKey(kpb.Bytes)
if e != nil {
fmt.Println("parsekey:", e.Error())
os.Exit(1)
}
return crt, key
}
however,
parsex509: asn1: syntax error: data truncated
exit status 1
How do I load a certificate so I can use it to sign other certificates as a *x509.Certificate type?
There's probably something obvious I'm missing, but what is it?
答案1
得分: 4
答案是:问题中提到的方法是正确的方法。
问题或错误仍然存在于证书的创建过程中,因此在“如何加载证书”的范围内,问题已经得到了回答。
英文:
The answer is: The way it's done in the question is the correct way.
The problem or bug remains in the certificate creation, so in the scope of the question "how to load a certificate" the question is answered.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论