2016-12-01 15:34
浏览 123


I'm trying to configure a TLS server to return a Certificate chain on connection.

I want to create a tls.Config, with a Certificate chain :

    // Certificates contains one or more certificate chains
    // to present to the other side of the connection.
    // Server configurations must include at least one certificate
    // or else set GetCertificate.
    Certificates []Certificate

Assuming my chain is root -> inter -> server, I can load each certificate independently, and use a list, but only serverCert is sent to the SSL client.

I'm doing something along the lines of :

root, err := tls.LoadX509KeyPair("root.crt", "root.key")
inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
server, err := tls.LoadX509KeyPair("server.crt", "server.key")

config := tls.Config{
   Certificates : []tls.Certificates{root, inter, server}

Am I missing something obvious ? Does the order matter ?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • doupao5296 2016-12-01 15:50

    your server.crt file can contain the entire chain [plus you don't want your server to have the inter or root keys], in server.crt you can have

    [server cert]
    -----END CERT-----
    [inter cert]
    -----END CERT-----

    The root cert shouldn't be in the chain served from the server, just the server + intermediate[s].

    点赞 评论

相关推荐 更多相似问题