Beispiel #1
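// newCert issues a host certificate for host, signed by the CA returned from
// loadCA, and stores both the certificate and its private key in certLib.
//
// It returns the new certificate/key pair, or a nil pair and the first error
// reported by the pkix or depot call that failed. Each failure is also logged.
//
// Security notes:
//   - The host key is generated at 2048 bits. The earlier 1024-bit size is
//     below current minimum recommendations for RSA and is rejected by many
//     TLS clients.
//   - The serial number comes from the package-level counter certserid, which
//     is read and incremented here without any locking.
//     NOTE(review): if newCert can be called from several goroutines, two
//     certificates may receive the same serial; confirm the caller serializes
//     calls or guard the counter.
//   - The host private key is written with PutPrivateKeyHost, i.e. without a
//     passphrase. NOTE(review): confirm the depot location is readable only by
//     the service account.
func newCert(host string) (pair *certKeyPair, err error) {
	// Minimum RSA modulus size used for leaf keys.
	const hostKeyBits = 2048

	log.Println("Create cert for host:", host)
	key, err := pkix.CreateRSAKey(hostKeyBits)
	if err != nil {
		log.Println("Create RSA key failed:", err)
		return nil, err
	}
	// host is passed twice, exactly as the original call did.
	csr, err := pkix.CreateCertificateSigningRequest(key, host, host)
	if err != nil {
		log.Println("Create CSR failed:", err)
		return nil, err
	}
	// Take the current counter value as this certificate's serial, then
	// advance the counter for the next call.
	info := &pkix.CertificateAuthorityInfo{big.NewInt(certserid)}
	certserid++
	capair := loadCA()
	crtHost, err := pkix.CreateCertificateHost(capair.cert, info, capair.key, csr)
	if err != nil {
		log.Println("Create cert failed:", err)
		return nil, err
	}
	err = depot.PutCertificateHost(certLib, host, crtHost)
	if err != nil {
		log.Println("Save cert failed:", err)
		return nil, err
	}
	err = depot.PutPrivateKeyHost(certLib, host, key)
	if err != nil {
		log.Println("Save key failed:", err)
		return nil, err
	}
	return &certKeyPair{crtHost, key}, nil
}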
Beispiel #2
// genCA creates a new certificate authority: a 2048-bit RSA key and a CA
// certificate built from it. The certificate is stored in certLib and the
// private key is stored there encrypted with passphrase.
//
// Any failure is reported through log.Fatalln, which exits the process, so
// the function only ever returns on success.
//
// NOTE(review): passphrase is defined outside this function; confirm it is
// supplied at deploy time rather than compiled into the binary, since it is
// the only protection on the stored CA key.
func genCA() *certKeyPair {
	log.Println("Generate CA")

	caKey, keyErr := pkix.CreateRSAKey(2048)
	if keyErr != nil {
		log.Fatalln("Create RSA key failed:", keyErr)
	}

	// The second return value is discarded, as in the original call.
	caCert, _, certErr := pkix.CreateCertificateAuthority(caKey)
	if certErr != nil {
		log.Fatalln("Create CA failed:", certErr)
	}

	// Persist the certificate first, then the passphrase-protected key.
	saveErr := depot.PutCertificateAuthority(certLib, caCert)
	if saveErr != nil {
		log.Fatalln("Save CA failed:", saveErr)
	}
	saveErr = depot.PutEncryptedPrivateKeyAuthority(certLib, caKey, passphrase)
	if saveErr != nil {
		log.Fatalln("Save CA private key failed:", saveErr)
	}

	return &certKeyPair{caCert, caKey}
}