douju1968 2016-12-01 15:34

How to build a tls.Certificate chain in Go?

I'm trying to configure a TLS server to return a Certificate chain on connection.

I want to create a tls.Config with a certificate chain:

    // Certificates contains one or more certificate chains
    // to present to the other side of the connection.
    // Server configurations must include at least one certificate
    // or else set GetCertificate.
    Certificates []Certificate

Assuming my chain is root -> inter -> server, I can load each certificate independently, and use a list, but only serverCert is sent to the SSL client.

I'm doing something along the lines of:

    root, err := tls.LoadX509KeyPair("root.crt", "root.key")
    inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
    server, err := tls.LoadX509KeyPair("server.crt", "server.key")

    config := tls.Config{
        Certificates: []tls.Certificate{root, inter, server},
    }
    config.BuildNameToCertificate()

Am I missing something obvious? Does the order matter?

1 answer

  • doupao5296 2016-12-01 15:50

    Your server.crt file can contain the entire chain [plus you don't want your server to have the inter or root keys]; in server.crt you can have

    -----BEGIN CERTIFICATE-----
    [server cert]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [inter cert]
    -----END CERTIFICATE-----

    The root cert shouldn't be in the chain served from the server, just the server + intermediate[s].

    This answer was selected by the asker as the best answer.
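
The server.crt layout from the accepted answer, as an added example that is not part of the original question or answer: throwaway certificates are generated in-process, the leaf and intermediate are concatenated into one PEM bundle and loaded with tls.X509KeyPair, and the resulting chain is validated the way a client trusting only the root would. The helper names (must, issue, buildChain, verify) and the constructed-* common names are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // fixture helper: abort on any setup error
	if err != nil {
		panic(err)
	}
	return v
}

func issue(cn string, isCA bool, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, []byte) {
	key := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed throwaway key, one per certificate
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil { // no issuer given: self-signed root
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func buildChain() (tls.Certificate, *x509.Certificate) { // server.crt = leaf + intermediate, no root
	root, rootKey, _ := issue("constructed-root", true, nil, nil)
	inter, interKey, interPEM := issue("constructed-inter", true, root, rootKey)
	_, leafKey, leafPEM := issue("constructed-server", false, inter, interKey)
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: must(x509.MarshalPKCS8PrivateKey(leafKey))})
	return must(tls.X509KeyPair(append(leafPEM, interPEM...), keyPEM)), root // only the leaf key is loaded
}

func verify(c tls.Certificate, root *x509.Certificate) error { // acts as a client that trusts only root
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, der := range c.Certificate[1:] { // everything after the leaf is offered as an intermediate
		inters.AddCert(must(x509.ParseCertificate(der)))
	}
	_, err := must(x509.ParseCertificate(c.Certificate[0])).Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}
func main() { fmt.Println(verify(buildChain())) }
```

Truncating `cert.Certificate` to its first entry, which matches what the client in the question received, makes `verify` return an unknown-authority error.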
