How to add private key to certificate

I'm trying to create, with Go, an all-in-one utility that creates a CSR, sends it, then (after it is approved by the security guy) gets the signed certificate and finally creates a certificate + private key bundle for adding to a browser or system.

For now I can do everything up to the final step: adding the private key to the signed certificate. With openssl I can do it by:

openssl pkcs12 -export -out sergo.kurbanov.p12 -in sergo.kurbanov.crt -inkey sergo.kurbanov.key -name "Sergo Kurbanov"

Could anybody suggest a way to do it in Go?

PS: I'm using Dogtag Certificate System

I found the solution: unfortunately the standard Go pkcs12 library doesn't include the needed function, but there is a version from HashiCorp, the "github.com/hashicorp/packer/builder/azure/pkcs12" package, with the needed functionality:

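// Needs: crypto/rsa, crypto/x509, log, os and the pkcs12 package named above.
// dogtag is a helper package whose import path the post does not show;
// the second return value of its functions is assumed to be an error.

// Read our key created by openssl genrsa -out... or by Go
// rsa.GenerateKey/EncryptPEMBlock...
pemKey, err := os.ReadFile("private.key")
if err != nil {
	log.Fatal(err)
}

// Convert the PEM to an RSA key because pkcs12.Encode requires it
var rsaKey *rsa.PrivateKey
rsaKey, err = dogtag.PemToRSA(pemKey, "our_private_secret")
if err != nil {
	log.Fatal(err)
}

// Get the signed cert from the Dogtag CMS
var cert *x509.Certificate
cert, err = dogtag.GetCert("0xF0F05A8")
if err != nil {
	log.Fatal(err)
}

// Create the combined certificate: pass the parsed key (rsaKey), not the raw PEM bytes
pfx, err := pkcs12.Encode(cert.Raw, rsaKey, "somesecret")
if err != nil {
	log.Fatal(err)
}

// The bundle contains the private key, so create it readable by the owner only
if err := os.WriteFile("priv_plus_cert.p12", pfx, 0600); err != nil {
	log.Fatal(err)
}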

Finally we get a certificate suitable for adding to a keychain or browser.
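A check worth running just before the pkcs12.Encode step above, as an added example that is not part of the original answer: it confirms that the private key read from disk is the one the signed certificate was issued for, and it works for RSA, ECDSA and Ed25519 keys alike. KeyMatchesCert and newKeyAndCert are hypothetical names, and the self-signed certificate is constructed sample data standing in for the one returned by the CA.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// KeyMatchesCert returns an error unless cert carries the public half of key.
func KeyMatchesCert(cert *x509.Certificate, key crypto.Signer) error {
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(key.Public()) {
		return fmt.Errorf("private key does not match certificate (serial 0x%X)", cert.SerialNumber)
	}
	return nil
}

// newKeyAndCert builds constructed sample data: a fresh key plus a self-signed cert for it.
func newKeyAndCert() (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

func main() {
	key, cert, err1 := newKeyAndCert()
	other, _, err2 := newKeyAndCert()
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	fmt.Println("matching key:", KeyMatchesCert(cert, key))
	fmt.Println("unrelated key:", KeyMatchesCert(cert, other))
}
```

In the answer's flow the call would be KeyMatchesCert(cert, rsaKey), with the bundle written only when it returns nil.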
