How to add a SAN extension to a certificate using Go

I need to specify the registeredID in the certificate.

Therefore, I add this to the configuration file when signing the certificate with OpenSSL.

[ alternate_names ]
DNS.1 = localhost
RID.1 = 1.2.3.4.5.5

Here 1.2.3.4.5.5 is the OID.

I followed "How to format an OID Subject Alt element name record in an openssl.cnf file" on Stack Overflow.

Now I want to generate a certificate in Go. Below is my current configuration:

cfg := cert.Config{
    CommonName:   name,
    Organization: []string{"Elasticsearch Operator"},
    AltNames: cert.AltNames{
        DNSNames: []string{
            "localhost",
        },
    },
    Usages: []x509.ExtKeyUsage{
        x509.ExtKeyUsageServerAuth,
        x509.ExtKeyUsageClientAuth,
    },
}

In this configuration, how can I add an OID number?

+4
1 answer

There is no direct way to add an OBJECT IDENTIFIER to a certificate using Go.

We have found our own solution.

Go provides the ability to add additional SAN information to a certificate:

x509.Certificate{
    ExtraExtensions: []pkix.Extension{
        {
            // Here we add the additional SAN entry with the specific ID
        },
    },
}

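2.5.29.17 is the OID for SAN.

Say the ID 1.2.3.4.5.5 is to be added to the SAN. The RID is tag #8 (per 2.5.29.17).

The bytes are []byte{0x88, 0x05, 0x2A, 0x03, 0x04, 0x05, 0x05}

  • 0x88 - the tag, context-specific #8
  • 0x05 - the length
  • 0x2A, 0x03, 0x04, 0x05, 0x05 - the encoding of 1.2.3.4.5.5
    • 0x2A is 42, which is 40 * 1 + 2, where 1 and 2 are the first two values of the ID.

Putting it together: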

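// Needs: crypto/x509, crypto/x509/pkix, encoding/asn1
rawValue := []asn1.RawValue{
    // registeredID [8]: tag 0x88, length 0x05, content bytes of OID 1.2.3.4.5.5
    {FullBytes: []byte{0x88, 0x05, 0x2A, 0x03, 0x04, 0x05, 0x05}},
}
// Marshal the slice so the entry is wrapped in the SEQUENCE that SAN expects.
rawByte, err := asn1.Marshal(rawValue)
if err != nil {
    panic(err)
}

_ = x509.Certificate{
    ExtraExtensions: []pkix.Extension{
        {
            Id:    asn1.ObjectIdentifier{2, 5, 29, 17}, // subjectAltName
            Value: rawByte,
        },
    },
}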
+4

Source: https://habr.com/ru/post/1693721/

