I am trying to build a Go (golang) program that will run https application.
I am really having trouble with SSL intermediate certificate and don't know where the problem, is it from my certificate or from Go language application.
So, I have from my SSL CA providers two certificate files : the server certificate, and intermediate certificate.
So, I am trying to load these certificates from my go code like this:
tlsConfig := &tls.Config{}
tlsConfig.Certificates = make([]tls.Certificate, 2)
var err error
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(serverCertificate, privateKey)
if err != nil {
log.Fatal(err)
}
tlsConfig.Certificates[1], err = tls.LoadX509KeyPair(intermeddiateCertificate, privateKey)
if err != nil {
log.Fatal(err)
}
tlsConfig.BuildNameToCertificate()
server := &http.Server{
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
TLSConfig: tlsConfig,
Addr: ":443,
}
app.RunServer(server)
the code fails on the second load of certificate on this line
tls.LoadX509KeyPair(intermeddiateCertificate, privateKey)
The error is the certificate doesn't match the private key.
Does the intermediate certificate should match the private key in SSL/TLS world?
or it doesn't have to. And in case doesn't have to, then how to load the certificate without a private key?
should I return back to my CA and tell them how come the intermediate certifcate doesn't match the private key?