作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我有一个编码的 x509 证书,我想更新 CommonName(又名主题或主机名)。
这是我到目前为止的代码(简化):
import (
"crypto/tls",
"crypto/x509"
)
...
// parses a public/private key pair from a pair of PEM encoded data
c, _ := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
// parse into a x509 cert object
cert, _ := x509.ParseCertificate(c.Certificate[0])
// I want to modify the Subject here
// I want to encode it back to PEM encoded data of type []bytes
...
最佳答案
您可以创建一个新证书,其代码如下所示。为此,您需要 CA 私钥:
func GenerateCertificate(ca *x509.Certificate, caKey crypto.PrivateKey, req x509.CertificateRequest, durYear, durMonth int, keyUsage x509.KeyUsage, extKeyUsage []x509.ExtKeyUsage, rsaKeySize int) (certificate, key *pem.Block, err error) {
cert := &x509.Certificate{
Version: req.Version,
SerialNumber: RandomBigInt(),
Subject: req.Subject,
Extensions: req.Extensions,
ExtraExtensions: req.ExtraExtensions,
DNSNames: req.DNSNames,
EmailAddresses: req.EmailAddresses,
IPAddresses: req.IPAddresses,
URIs: req.URIs,
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(durYear, durMonth, 0),
ExtKeyUsage: extKeyUsage,
KeyUsage: keyUsage,
}
priv, _ := rsa.GenerateKey(rand.Reader, rsaKeySize)
pub := &priv.PublicKey
var data []byte
data, err = x509.CreateCertificate(rand.Reader, cert, ca, pub, caKey)
if err != nil {
return
}
// Public key
certificate = &pem.Block{Type: "CERTIFICATE", Bytes: data}
// Private key
key = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}
return
}
subject := pkix.Name{CommonName:"name"}
cert, certKey, err := GenerateCertificate(caCert, key, x509.CertificateRequest{Subject: subject}, 1, 0, x509.KeyUsageDigitalSignature,
[]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 2048)
func GenerateCA(subject pkix.Name, duryear, durmonth int, rsaKeySize int) (certificate, key *pem.Block, err error) {
ca := &x509.Certificate{
SerialNumber: RandomBigInt(),
Subject: subject,
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(duryear, durmonth, 0),
IsCA: false, // or true?
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
}
priv, _ := rsa.GenerateKey(rand.Reader, rsaKeySize)
pub := &priv.PublicKey
var data []byte
data, err = x509.CreateCertificate(rand.Reader, ca, ca, pub, priv)
if err != nil {
return
}
// Public key
certificate = &pem.Block{Type: "CERTIFICATE", Bytes: data}
// Private key
key = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}
return
}
关于go - 使用更新的 CommonName 重新生成新的 x509 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60293089/
到目前为止,我一直在使用我添加到 SoapUI 5.2 项目的证书,它使我能够访问预生产服务器。但是,现在我已准备好转移到生产环境,我正在尝试使用 SoapUI 检查新的生产证书,但我收到了下一个错误
from this link我得到了相同的 commonName 但它应该是不同的?! let jsonData = NSData(contentsOfURL: url!) let readableJ
我有一个编码的 x509 证书,我想更新 CommonName(又名主题或主机名)。 这是我到目前为止的代码(简化): import ( "crypto/tls", "crypto
尝试在 Amazon EC2 实例上上传自签名证书时遇到困难。我已经使用 OpenSSL 生成了私钥和服务器证书。但是当我在 apache 的 .config 文件中配置它并重新启动服务器时,它说“R
我有一个应用程序应用程序框架,它在网络上的未命名主机之间以对等方式工作。我想对流量进行加密,所以我使用 M2Crypto 实现了一个设置,但我遇到了麻烦。我不知道在创建证书时要为“commonName
我是一名优秀的程序员,十分优秀!