如果你想生成自己的证书和私钥,你必须这样做:
1.- 生成私钥:
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatal("Private key cannot be created.", err.Error())
}
// Generate a pem block with the private key
keyPem := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})
2.- 生成证书:
tml := x509.Certificate{
// you can add any attr that you need
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(5, 0, 0),
// you have to generate a different serial number each execution
SerialNumber: big.NewInt(123123),
Subject: pkix.Name{
CommonName: "New Name",
Organization: []string{"New Org."},
},
BasicConstraintsValid: true,
}
cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
if err != nil {
log.Fatal("Certificate cannot be created.", err.Error())
}
// Generate a pem block with the certificate
certPem := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE",
Bytes: cert,
})
3.- 加载证书/私钥对:
tlsCert, err := tls.X509KeyPair(certPem, keyPem)
if err != nil {
log.Fatal("Cannot be loaded the certificate.", err.Error())
}
4.- 随意使用tlsCert,例如:
l, err := tls.Listen("tcp", ":8080", &tls.Config{
Certificates: []tls.Certificate{tlsCert},
})