crypto/x509


Parse, create, and verify X.509 certificates. The foundation of TLS and PKI.

Parsing

Read a PEM cert file

// needs: crypto/x509, encoding/pem, fmt, log, os
data, err := os.ReadFile("cert.pem")
if err != nil { log.Fatal(err) }
block, _ := pem.Decode(data) // nil if the file holds no PEM block
if block == nil || block.Type != "CERTIFICATE" { log.Fatal("cert.pem: no CERTIFICATE block") }
cert, err := x509.ParseCertificate(block.Bytes) // block.Bytes is the DER body
if err != nil { log.Fatal(err) }
fmt.Println(cert.Subject, cert.NotAfter)

Cert pools and verification

System cert pool

pool, err := x509.SystemCertPool()
if err != nil { log.Fatal(err) }
// Only the chain and validity period are checked here; set VerifyOptions.DNSName to also match the hostname against the cert's SANs.
if _, err := cert.Verify(x509.VerifyOptions{Roots: pool}); err != nil { log.Fatal(err) }

Creating self-signed certs

CreateCertificate

key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // signing key; its public half goes into the cert
if err != nil { log.Fatal(err) }
template := &x509.Certificate{
    SerialNumber: big.NewInt(1), // must be unique per issuer; use a random value outside demos
    Subject:      pkix.Name{CommonName: "localhost"},
    NotBefore:    time.Now(),
    NotAfter:     time.Now().AddDate(1, 0, 0),
    KeyUsage:     x509.KeyUsageDigitalSignature,
    ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
    DNSNames:     []string{"localhost"}, // clients match hostnames against SANs, not CommonName
}
// template is both subject and parent, so the result is self-signed
der, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
if err != nil { log.Fatal(err) }
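The three steps above combined into one runnable program, as an added example (not code from pkg.go.dev or the Go project): it issues a self-signed certificate for localhost, pins it in a CertPool, and verifies with DNSName set, so a hostname mismatch or an untrusted pool is rejected. The helper names selfSigned and verifyFor are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned issues a self-signed server cert for dnsNames (constructed example).
func selfSigned(dnsNames []string, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // fine for a self-signed cert; real issuers use unique random serials
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		NotBefore:    time.Now().Add(-time.Minute), // tolerate slight clock skew
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames, // Verify matches DNSName against SANs, not the CN
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyFor checks cert against roots for host; an empty DNSName would skip hostname matching.
func verifyFor(cert *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	cert, err := selfSigned([]string{"localhost"}, time.Now().AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert) // pin the self-signed cert as the only trust anchor
	fmt.Println(verifyFor(cert, pool, "localhost"), verifyFor(cert, pool, "example.com"))
}
```

The first Verify returns nil; the second fails with a HostnameError, and an empty pool yields UnknownAuthorityError even for the right name.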