How do you build a tls.Certificate chain in Go?

I am trying to configure a TLS server to return a certificate chain upon connection.

I want to create tls.Config with a certificate chain:

    // Certificates contains one or more certificate chains
    // to present to the other side of the connection.
    // Server configurations must include at least one certificate
    // or else set GetCertificate.
    Certificates []Certificate

Assuming my chain is root -> inter -> server, I can upload each certificate myself and use a list, but only the server cert is sent to the SSL client.

I am doing something like:

    // Each key pair is loaded as its own tls.Certificate.
    root, err := tls.LoadX509KeyPair("root.crt", "root.key")
    inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
    server, err := tls.LoadX509KeyPair("server.crt", "server.key")

    config := tls.Config{
        Certificates: []tls.Certificate{root, inter, server},
    }
    config.BuildNameToCertificate()

Am I missing something obvious? Does order matter?

+4
1 answer

Your server.crt file can contain the whole chain [plus you don’t want your server to have intermediate or root keys]; in server.crt you can have:

    -----BEGIN CERTIFICATE-----
    [server cert]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [inter cert]
    -----END CERTIFICATE-----

, , + [s].

+3
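
The layout the answer describes, as an added Go example (not code from the original post): one `tls.Certificate` whose `Certificate` slice holds the leaf followed by the intermediate, which is the same slice `tls.LoadX509KeyPair` produces from a bundled server.crt. The helper names `issue` and `Check`, the host name `server.test` and the in-memory Ed25519 test PKI are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a throwaway test certificate signed by parent (self-signed when parent is nil).
func issue(cn string, ca bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, key.Public(), pkey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// Check puts the first n of [leaf, inter] into one tls.Certificate and validates it as a client would.
func Check(n int) (int, error) {
	root, rk := issue("root", true, nil, nil)
	inter, ik := issue("inter", true, root, rk)
	leaf, lk := issue("server.test", false, inter, ik)
	tc := tls.Certificate{Certificate: [][]byte{leaf.Raw, inter.Raw}[:n], PrivateKey: lk} // server key only, no root
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), DNSName: "server.test"}
	opts.Roots.AddCert(root)
	for _, der := range tc.Certificate[1:] { // everything after the leaf is an untrusted intermediate
		c, _ := x509.ParseCertificate(der)
		opts.Intermediates.AddCert(c)
	}
	_, err := leaf.Verify(opts) // leaf.Raw is tc.Certificate[0]
	return len(tc.Certificate), err
}

func main() {
	fmt.Println(Check(2)) // leaf + inter
	fmt.Println(Check(1)) // leaf only
}
```

In a server, the chained value goes in as the single element of `tls.Config.Certificates`; the client trusts only the root, so the leaf-only variant fails verification.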

Source: https://habr.com/ru/post/1662551/

