douju1968 2016-12-01 15:34
浏览 141
已采纳

如何在Go中建立tls.Certificate链?

I'm trying to configure a TLS server to return a Certificate chain on connection.

I want to create a tls.Config, with a Certificate chain :

    // Certificates contains one or more certificate chains
    // to present to the other side of the connection.
    // Server configurations must include at least one certificate
    // or else set GetCertificate.
    Certificates []Certificate

Assuming my chain is root -> inter -> server, I can load each certificate independently, and use a list, but only serverCert is sent to the SSL client.

I'm doing something along the lines of :

root, err := tls.LoadX509KeyPair("root.crt", "root.key")
inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
server, err := tls.LoadX509KeyPair("server.crt", "server.key")

config := tls.Config{
   Certificates : []tls.Certificates{root, inter, server}
}
config.BuildNameFromCertificates()

Am I missing something obvious ? Does the order matter ?

  • 写回答

1条回答 默认 最新

  • doupao5296 2016-12-01 15:50
    关注

    your server.crt file can contain the entire chain [plus you don't want your server to have the inter or root keys], in server.crt you can have

    -----BEGIN CERTIFICATE-----
[server cert]
-----END CERT-----
 ----BEGIN CERTIFICATE-----
[inter cert]
-----END CERT-----

    The root cert shouldn't be in the chain served from the server, just the server + intermediate[s].

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看