I'm trying to configure a TLS server to return a Certificate chain on connection.
I want to create a tls.Config with a certificate chain:
// Certificates contains one or more certificate chains
// to present to the other side of the connection.
// Server configurations must include at least one certificate
// or else set GetCertificate.
Certificates []Certificate
Assuming my chain is root -> inter -> server, I can load each certificate independently and use a list, but only serverCert is sent to the SSL client.
I'm doing something along the lines of:
root, err := tls.LoadX509KeyPair("root.crt", "root.key")
if err != nil { log.Fatal(err) }
inter, err := tls.LoadX509KeyPair("inter.crt", "inter.key")
if err != nil { log.Fatal(err) }
server, err := tls.LoadX509KeyPair("server.crt", "server.key")
if err != nil { log.Fatal(err) }
config := tls.Config{
	Certificates: []tls.Certificate{root, inter, server}, // one single-certificate entry per file
}
config.BuildNameToCertificate() // deprecated since Go 1.14
Am I missing something obvious? Does the order matter?
Your server.crt file can contain the entire chain [plus you don't want your server to have the inter or root keys]; in server.crt you can have:
-----BEGIN CERTIFICATE-----
[server cert]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[inter cert]
-----END CERTIFICATE-----
The root cert shouldn't be in the chain served from the server, just the server + intermediate[s].