I have a GOlang http server which uses self-signed tls certificate. I have one such pair of certificate and key. Now, say I have a similar certificate and key pair. I would like to detect whether these two pairs were issued by two different CA? I don't have access to the CA certificates in this case. I can assume that the chain length = 1.
I tried to check the Certificate.Issuer structure. But I see no difference there. How can I do this?
Thanks.
分享 The SubjectKeyId fields will be different for two distinct certificates.
This field is a hash of the public key:
The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits).
https://tools.ietf.org/html/rfc3280#section-4.2.1.2
For certificates that are not self-signed one would follow the AuthorityKeyId fields all the way to the root certificate(s) and then check the certificate chains for common members, again using the subject keys.
分享
