I'm working on a proxy server for automating browser integration tests. I've gotten to a place where I can create a root CA cert and then my self signed cert.
However, where I'm failing is "joining" these together into a valid certificate chain that is then served. I feel like I'm missing something very trivial as the CA is created correctly and the self signed cert is being signed by the CA however the certificate chain never shows the CA when viewing the generated certificate within a browser.
I realize this is somewhat a cryptic question, but let me know how I can make this more clear.
Thanks everyone!
func Server(cn net.Conn, p ServerParam) *ServerConn {
conf := new(tls.Config)
if p.TLSConfig != nil {
*conf = *p.TLSConfig
}
sc := new(ServerConn)
// this is the CA certificate that is performing the signing and I had though would show as the "root" certificate in the chain
conf.RootCAs = buildBoolFromCA(p.CA)
conf.GetCertificate = func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
sc.ServerName = hello.ServerName
// the self signed cert that is generated (the root CA however is not part of the chain
return getCert(p.CA, hello.ServerName)
}
sc.Conn = tls.Server(cn, conf)
return sc
}
To reduce the size of this post I created a small gist here to show where I'm generating the CA and the self signed certificate: https://gist.github.com/jredl-va/d5df26877fc85095115731d98ea5ff33
Update 1 Added get cert to gist