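// newCert issues a leaf certificate for host, signed by the CA returned by
// loadCA, and stores both the certificate and its private key in certLib
// (via depot.PutCertificateHost / depot.PutPrivateKeyHost). The returned
// pair holds the new host certificate and its key.
//
// The key size is raised from the original 1024 bits to 2048: 1024-bit RSA
// is below the minimum most TLS clients and CA/Browser Forum rules accept
// today, and it also matches the size genCA uses for the CA key.
//
// NOTE(review): the serial number comes from the package-level counter
// certserid, which is read and incremented here without any locking; if
// newCert can run concurrently this is a data race and two certificates
// could share a serial — confirm how callers invoke it. loadCA's return is
// used without a nil check; whether it can return nil is not visible here.
func newCert(host string) (pair *certKeyPair, err error) {
	log.Println("Create cert for host:", host)

	// 2048 bits: same strength as the CA key; 1024 is considered broken.
	key, err := pkix.CreateRSAKey(2048)
	if err != nil {
		log.Println("Create RSA key failed:", err)
		return nil, err
	}

	csr, err := pkix.CreateCertificateSigningRequest(key, host, host)
	if err != nil {
		log.Println("Create CSR failed:", err)
		return nil, err
	}

	// Sequential serial from the package counter (see note above).
	info := &pkix.CertificateAuthorityInfo{big.NewInt(certserid)}
	certserid++

	capair := loadCA()
	crtHost, err := pkix.CreateCertificateHost(capair.cert, info, capair.key, csr)
	if err != nil {
		log.Println("Create cert failed:", err)
		return nil, err
	}

	if err = depot.PutCertificateHost(certLib, host, crtHost); err != nil {
		log.Println("Save cert failed:", err)
		return nil, err
	}
	// The host key is persisted as-is; unlike the CA key in genCA it is not
	// passphrase-protected, so certLib must be permission-restricted.
	if err = depot.PutPrivateKeyHost(certLib, host, key); err != nil {
		log.Println("Save key failed:", err)
		return nil, err
	}

	return &certKeyPair{crtHost, key}, nil
}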
// genCA creates a fresh 2048-bit RSA CA key and self-signed CA certificate,
// writes the certificate to certLib and the key to certLib encrypted under
// the package-level passphrase, and returns the pair. Any failure is fatal:
// the process exits via log.Fatalln, so this never returns nil in practice.
func genCA() *certKeyPair {
	log.Println("Generate CA")

	// Each step aborts the process on error with the step-specific message.
	abortOn := func(msg string, err error) {
		if err != nil {
			log.Fatalln(msg, err)
		}
	}

	caKey, err := pkix.CreateRSAKey(2048)
	abortOn("Create RSA key failed:", err)

	caCert, _, err := pkix.CreateCertificateAuthority(caKey)
	abortOn("Create CA failed:", err)

	abortOn("Save CA failed:", depot.PutCertificateAuthority(certLib, caCert))
	// The CA key is stored encrypted, unlike host keys written by newCert.
	abortOn("Save CA private key failed:", depot.PutEncryptedPrivateKeyAuthority(certLib, caKey, passphrase))

	return &certKeyPair{caCert, caKey}
}