0

So for a long while i have been trying to create a chain of trust in Go. I used this code to create the certificate https://golang.org/src/crypto/tls/generate_cert.go But if i set the isCA to false the certificate file in the browser will be empty and my browser will display an error saying: SEC_ERROR_UNKNOWN_ISSUER. How can i specify where it should check the certificate? I looked at alot of examples but still don’t really understand how it should work. I tried using my own generated server CA and pasted a random intermediate CA under it but it doesn’t know where to check. I know it will deny the certificate, but i’m just trying to understand how the chain works in Go. I don’t know how to use a chain certificate in Go should i use the issuer in template or subject or aren’t those important etc. Does anyone have a example or could point me in the right direction? Thanks.

This is what i am trying to achieve (doesn’t matter if the rootCA is self signed it’s just for testing purposes) Click for image

JimB
  • 104,193
  • 13
  • 262
  • 255
StackingLua
  • 33
  • 1
  • 7
  • 2
    Yes, if you want a cert to be a CA, it's needs to have the `CA` flag and `KeyUsageCertSign`, so if you turn that off it worn't work like you say. What problem are you having exactly? Please create an [mcve] that explains your problem. – JimB Nov 20 '17 at 14:30
  • Well instead of the chain i want to get like in google i get a single blank line instead. The code i use is the same as i have linked above. However i get a blank line when i set the ca to false. And i can't find out why. – StackingLua Nov 20 '17 at 14:36
  • please take a look at this example: https://stackoverflow.com/questions/42643048/signing-certificate-request-with-certificate-authority – R.J. Nov 22 '17 at 12:48

0 Answers0