I am trying to create a self-signed certificate (including a private key) that I can store in the Windows certificate store without the help of PowerShell. I am OK with leveraging Windows API libraries through C, but I am unfamiliar with how they work. I need to know how to create a certificate using Go and store that certificate in the certificate store on Windows.
I have tried building a certificate using Go libraries, and I have experimented a little with the Windows APIs. This is what I have so far:
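// Builds a self-signed RSA certificate, bundles it with its private key as a
// PKCS#12 (.pfx) blob, writes that blob to a.pfx and prints it base64-encoded.
// Every failure is stored in certificate.Err, logged, and ends the function.

// Generate a 2048-bit RSA key pair; the public half goes into the certificate.
certificate.PrivateKey, certificate.Err = rsa.GenerateKey(rand.Reader, 2048)
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to generate the private key")
	return
}

// Validity window: one year starting now.
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour)

// Serial number drawn uniformly at random from [0, 2^128).
var serialNumber *big.Int
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, certificate.Err = rand.Int(rand.Reader, serialNumberLimit)
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to generate the serial number")
	return
}

// NOTE(review): IsCA together with KeyUsageCertSign makes this a CA
// certificate. If it is ever installed in a trusted-root store, whoever holds
// the private key can issue certificates that the machine will trust. Drop
// both if the certificate only needs to identify a single server.
// NOTE(review): no DNSNames/IPAddresses are set; TLS clients that match on
// subject alternative names will not accept this for ServerAuth. Confirm the
// intended host names and add them to the template.
template := x509.Certificate{
	SerialNumber: serialNumber,
	Subject: pkix.Name{
		Organization: []string{""},
	},
	NotBefore:             notBefore,
	NotAfter:              notAfter,
	KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	BasicConstraintsValid: true,
	IsCA:                  true,
}

// The template is passed as both subject and issuer, so the result is
// self-signed with the key generated above.
certificate.DerBytes, certificate.Err = x509.CreateCertificate(rand.Reader, &template, &template, &certificate.PrivateKey.PublicKey, certificate.PrivateKey)
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to create the certificate")
	return
}

// The template is only the input to CreateCertificate: it carries no signature
// and no encoded bytes. The PKCS#12 bundle must hold the certificate that was
// actually signed, so parse the DER output back into an *x509.Certificate.
var signedCert *x509.Certificate
signedCert, certificate.Err = x509.ParseCertificate(certificate.DerBytes)
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to parse the generated certificate")
	return
}

// NOTE(review): the empty password leaves the private key in the bundle
// unprotected; anyone who can read the file or the output below obtains the
// key. Prefer a caller-supplied password.
var pfxData []byte
pfxData, certificate.Err = pkcs12.Encode(rand.Reader, certificate.PrivateKey, signedCert, nil, "")
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to encode the PKCS#12 bundle")
	return
}

// Owner-only mode, because the file contains the private key.
// NOTE(review): on Windows these mode bits are largely not translated into
// ACLs, so write into a directory whose ACL is already restricted and delete
// the file once it has been imported into the certificate store.
certificate.Err = ioutil.WriteFile("a.pfx", pfxData, 0600)
if certificate.Err != nil {
	logger.Lg.Errorf(certificate.Err, "Failed to write a.pfx")
	return
}

// This prints the whole bundle, private key included; keep stdout out of logs
// and shared terminals.
out := base64.StdEncoding.EncodeToString(pfxData)
fmt.Println(out)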