douju1968 2016-12-01 15:34

How do I build a tls.Certificate chain in Go?

I'm trying to configure a TLS server to return a Certificate chain on connection.

I want to create a tls.Config with a Certificate chain:

    // Certificates contains one or more certificate chains
    // to present to the other side of the connection.
    // Server configurations must include at least one certificate
    // or else set GetCertificate.
    Certificates []Certificate

Assuming my chain is root -> inter -> server, I can load each certificate independently, and use a list, but only serverCert is sent to the SSL client.

I'm doing something along the lines of:

    // Load each certificate together with its own private key.
    root, err := tls.LoadX509KeyPair("root.crt", "root.key")
    inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
    server, err := tls.LoadX509KeyPair("server.crt", "server.key")

    // Pass all three as separate entries in Certificates.
    config := tls.Config{
        Certificates: []tls.Certificate{root, inter, server},
    }
    config.BuildNameToCertificate()

Am I missing something obvious? Does the order matter?

1 answer

  • doupao5296 2016-12-01 15:50

    Your server.crt file can contain the entire chain [plus you don't want your server to have the inter or root keys]. In server.crt you can have:

    -----BEGIN CERTIFICATE-----
    [server cert]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [inter cert]
    -----END CERTIFICATE-----
    

    The root cert shouldn't be in the chain served from the server, just the server + intermediate[s].

    The asker selected this answer as the best answer.
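The layout from the accepted answer, as an added Go example that is not part of the original post: it builds a constructed root -> inter -> server hierarchy in memory, concatenates the server and intermediate PEM blocks the way `server.crt` would hold them, and loads them with `tls.X509KeyPair`, the in-memory counterpart of `tls.LoadX509KeyPair`. The helper names `issue` and `BuildChain`, the Ed25519 keys and the one-hour validity are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate signed by parent (nil parent = self-signed root).
// Errors are ignored only because every input is fixed and generated in-process.
func issue(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// BuildChain returns the single tls.Certificate the server presents, plus the root clients must trust.
func BuildChain() (tls.Certificate, *x509.Certificate, error) {
	root, rootKey, _ := issue("root", true, nil, nil)
	inter, interKey, interPEM := issue("inter", true, root, rootKey)
	_, serverKey, serverPEM := issue("server", false, inter, interKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(serverKey)
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	// Same layout as server.crt in the answer: leaf first, then the intermediate, no root.
	chain, err := tls.X509KeyPair(append(serverPEM, interPEM...), keyPEM)
	return chain, root, err
}

func main() {
	chain, root, err := BuildChain()
	if err != nil {
		panic(err)
	}
	// One tls.Certificate is one chain; only the server's private key is ever loaded.
	cfg := &tls.Config{Certificates: []tls.Certificate{chain}}
	fmt.Printf("certs sent: %d, client trust anchor: %s\n", len(cfg.Certificates[0].Certificate), root.Subject.CommonName)
}
```

Each element of `Certificates` is a complete chain with its own private key, so the intermediate belongs inside the one `tls.Certificate` for the server rather than in a separate slice entry.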
