在 golang 中创建密钥和证书,就像 openssl 为本地主机做的一样

Create key and certificate in golang same as openssl do for local host

如何在 Go 中编写与以下 openssl 命令等效的代码?

# Self-signed certificate (-x509) plus an unencrypted (-nodes) 4096-bit RSA key, valid 3650 days.
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
            -subj /C=/ST=/O=/L=/CN=localhost/OU=/ \
            -keyout test.key -out test.crt

目标是像 `openssl req -x509` 那样，直接生成一张新的自签名证书及其私钥，而不是只输出证书请求（CSR）。

您可以考虑 cloudflare/cfssl，它提供了 cfssl.initca 包；下面是其测试代码中的一个（不完整的）片段，展示了如何构造证书请求并调用 `New`：

    var req *csr.CertificateRequest
    hostname := "cloudflare.com"
    crl := "http://crl.cloudflare.com/655c6a9b-01c6-4eea-bf21-be690cc315e0.crl" //cert_uuid.crl
    for _, param := range validKeyParams {
        for _, caconfig := range validCAConfigs {
            req = &csr.CertificateRequest{
                Names: []csr.Name{
                    {
                        C:  "US",
                        ST: "California",
                        L:  "San Francisco",
                        O:  "CloudFlare",
                        OU: "Systems Engineering",
                    },
                },
                CN:         hostname,
                Hosts:      []string{hostname, "www." + hostname},
                KeyRequest: &param,
                CA:         &caconfig,
                CRL:        crl,
            }
            certBytes, _, keyBytes, err := New(req)
            if err != nil {
                t.Fatal("InitCA failed:", err)
            }

我最终是这样解决的（生成私钥，并用它自签一张证书）：

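key, err := rsa.GenerateKey(rand.Reader, 4096)
    if err != nil {
        return "", "", err
    }
    // PKCS#1 DER, wrapped in the traditional "RSA PRIVATE KEY" PEM block
    // (the unencrypted form, matching openssl's -nodes).
    keyBytes := x509.MarshalPKCS1PrivateKey(key)
    keyPEM := pem.EncodeToMemory(
        &pem.Block{
            Type:  "RSA PRIVATE KEY",
            Bytes: keyBytes,
        },
    )
    // SECURITY: this writes the unencrypted private key to stdout. Acceptable
    // for a throwaway demo only; remove it (and never log the key) in real code.
    fmt.Println(string(keyPEM))

    notBefore := time.Now()
    notAfter := notBefore.Add(10 * 365 * 24 * time.Hour) // -days 3650

    // RFC 5280 requires a positive serial number, and clients/caches identify
    // certificates by (issuer, serial). A fixed 0 is non-compliant and
    // collides across every certificate this code ever produces, so draw a
    // random 128-bit serial instead (modern openssl also randomizes it).
    serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
    serial, err := rand.Int(rand.Reader, serialLimit)
    if err != nil {
        return "", "", err
    }

    // Certificate template; used as its own parent below, i.e. self-signed.
    template := x509.Certificate{
        SerialNumber: serial,
        Subject:      pkix.Name{CommonName: "localhost"},
        // Hostname verification is done against the SANs, not the CN; Go's own
        // verifier (1.15+) rejects CN-only certificates, so list localhost here
        // too. For 127.0.0.1 / ::1 add IPAddresses (requires net.ParseIP).
        DNSNames:           []string{"localhost"},
        SignatureAlgorithm: x509.SHA256WithRSA,
        NotBefore:          notBefore,
        NotAfter:           notAfter,
        // BasicConstraintsValid with IsCA unset emits CA:FALSE — a leaf
        // certificate, not a CA.
        BasicConstraintsValid: true,
        // An RSA TLS certificate signs handshakes and transports keys;
        // keyAgreement and dataEncipherment are not usages an RSA key
        // serves in TLS, so do not assert them.
        KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
        ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
    }
    // parent == template and the key signing its own public key: self-signed,
    // like openssl req -x509.
    derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
    if err != nil {
        return "", "", err
    }
    // PEM encoding of the certificate.
    certPem := string(pem.EncodeToMemory(
        &pem.Block{
            Type:  "CERTIFICATE",
            Bytes: derBytes,
        },
    ))
    fmt.Println(certPem)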