Intermediate certificate doesn't match private key with Go

Question


I am trying to build a Go (golang) program that will run an HTTPS application.

I am really having trouble with the SSL intermediate certificate and don't know where the problem is: is it from my certificate or from the Go language application?

So, I have two certificate files from my SSL CA providers: the server certificate and the intermediate certificate.

So, I am trying to load these certificates from my Go code like this:

tlsConfig := &tls.Config{}
tlsConfig.Certificates = make([]tls.Certificate, 2)
var err error
// Server certificate paired with its own private key.
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(serverCertificate, privateKey)
if err != nil {
	log.Fatal(err)
}
// Intermediate certificate paired with the same (server) private key: this call fails.
tlsConfig.Certificates[1], err = tls.LoadX509KeyPair(intermediateCertificate, privateKey)
if err != nil {
	log.Fatal(err)
}
tlsConfig.BuildNameToCertificate()

server := &http.Server{
	ReadTimeout:    10 * time.Second,
	WriteTimeout:   10 * time.Second,
	MaxHeaderBytes: 1 << 20,
	TLSConfig:      tlsConfig,
	Addr:           ":443",
}

app.RunServer(server)

The code fails on the second load of the certificate, on this line:

tls.LoadX509KeyPair(intermediateCertificate, privateKey)

The error is that the certificate doesn't match the private key.

Should the intermediate certificate match the private key in the SSL/TLS world?

Or does it not have to?
And in case it doesn't have to, how do I load the certificate without a private key?

Should I go back to my CA and tell them that the intermediate certificate doesn't match the private key?

Answer 1

Score: 3


You don't have a key for the intermediate certificate, only for the server certificate. Note that I don't know much about Go, but according to https://stackoverflow.com/questions/28898723/golang-ssl-tcp-socket-certificate-configuration you simply include the intermediate certificate into the same PEM file as the server certificate.
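
The following is an added example, not part of the original question or answer. It reproduces the mismatch error and then loads the server certificate and the intermediate as one PEM bundle. All certificates are constructed in memory; the names `issue`, `loadBoth`, "Constructed Intermediate" and "server.example" are assumptions, and a self-signed CA certificate stands in for the provider's intermediate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed test certificate for key, signed by signer; a nil parent means self-signed.
func issue(cn string, serial int64, parent *x509.Certificate, key, signer *ecdsa.PrivateKey) ([]byte, *x509.Certificate) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert
}

// loadBoth tries the question's approach and the answer's approach on constructed certificates.
func loadBoth() (mismatch error, chainLen int, bundleErr error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caPEM, caCert := issue("Constructed Intermediate", 1, nil, caKey, caKey)
	srvPEM, _ := issue("server.example", 2, caCert, srvKey, caKey)
	keyDER, _ := x509.MarshalECPrivateKey(srvKey)
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	// Question's approach: intermediate certificate paired with the server's key.
	_, mismatch = tls.X509KeyPair(caPEM, keyPEM)
	// Answer's approach: one PEM, server certificate first, intermediate after it.
	pair, bundleErr := tls.X509KeyPair(append(srvPEM, caPEM...), keyPEM)
	return mismatch, len(pair.Certificate), bundleErr
}

func main() {
	fmt.Println(loadBoth())
}
```

`tls.LoadX509KeyPair` applies the same parsing to files, so a single certificate file holding the server certificate followed by the intermediate yields one `tls.Certificate` whose chain has both entries.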

huangapple
  • Posted on April 19, 2016, 00:57:37
  • When reposting, please keep the link to this article: https://go.coder-hub.com/36699985.html