func generateTrustCert(key libtrust.PublicKey, parentKey PrivateKey, parent *x509.Certificate) *x509.Certificate { cert := &x509.Certificate{ SerialNumber: big.NewInt(0), Subject: pkix.Name{ CommonName: "Trust Cert", }, NotBefore: time.Now().Add(-time.Second), NotAfter: time.Now().Add(time.Hour), IsCA: true, KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, } certDER, err := x509.CreateCertificate( rand.Reader, cert, parent, key.CryptoPublicKey(), parentKey.CryptoPrivateKey(), ) if err != nil { panic(err) } cert, err = x509.ParseCertificate(certDER) if err != nil { panic(err) } return cert }