OLD | NEW |
---|---|
1 // Copyright 2009 The Go Authors. All rights reserved. | 1 // Copyright 2009 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to | 5 // Generate a self-signed X.509 certificate for a TLS server. Outputs to |
6 // 'cert.pem' and 'key.pem' and will overwrite existing files. | 6 // 'cert.pem' and 'key.pem' and will overwrite existing files. |
7 | 7 |
8 package main | 8 package main |
9 | 9 |
10 import ( | 10 import ( |
(...skipping 13 matching lines...) Expand all Loading... | |
24 | 24 |
25 func main() { | 25 func main() { |
26 flag.Parse() | 26 flag.Parse() |
27 | 27 |
28 priv, err := rsa.GenerateKey(rand.Reader, 1024) | 28 priv, err := rsa.GenerateKey(rand.Reader, 1024) |
29 if err != nil { | 29 if err != nil { |
30 log.Fatalf("failed to generate private key: %s", err) | 30 log.Fatalf("failed to generate private key: %s", err) |
31 return | 31 return |
32 } | 32 } |
33 | 33 |
34 » now := time.Seconds() | 34 » now := time.Now().In(time.UTC) |
bradfitz
2011/12/22 19:13:06
Why In(time.UTC)?
The time.Now() and time.Now().I
| |
35 | 35 |
36 template := x509.Certificate{ | 36 template := x509.Certificate{ |
37 SerialNumber: new(big.Int).SetInt64(0), | 37 SerialNumber: new(big.Int).SetInt64(0), |
38 Subject: pkix.Name{ | 38 Subject: pkix.Name{ |
39 CommonName: *hostName, | 39 CommonName: *hostName, |
40 Organization: []string{"Acme Co"}, | 40 Organization: []string{"Acme Co"}, |
41 }, | 41 }, |
42 » » NotBefore: time.SecondsToUTC(now - 300), | 42 » » NotBefore: now.Add(-300 * time.Second), |
bradfitz
2011/12/22 19:13:06
Sub(5 * time.Minute)
jra
2012/01/03 02:04:17
The docs say, "To compute t-d for a duration d, us
| |
43 » » NotAfter: time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year. | 43 » » // valid for 1 year |
44 » » NotAfter: now.Add(60 * 60 * 24 * 365 * time.Second), | |
bradfitz
2011/12/22 19:13:06
Add(365 * 24 * time.Hour)
jra
2012/01/03 02:04:17
Done.
| |
44 | 45 |
45 SubjectKeyId: []byte{1, 2, 3, 4}, | 46 SubjectKeyId: []byte{1, 2, 3, 4}, |
46 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita lSignature, | 47 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigita lSignature, |
47 } | 48 } |
48 | 49 |
49 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &templat e, &priv.PublicKey, priv) | 50 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &templat e, &priv.PublicKey, priv) |
50 if err != nil { | 51 if err != nil { |
51 log.Fatalf("Failed to create certificate: %s", err) | 52 log.Fatalf("Failed to create certificate: %s", err) |
52 return | 53 return |
53 } | 54 } |
54 | 55 |
55 certOut, err := os.Create("cert.pem") | 56 certOut, err := os.Create("cert.pem") |
56 if err != nil { | 57 if err != nil { |
57 log.Fatalf("failed to open cert.pem for writing: %s", err) | 58 log.Fatalf("failed to open cert.pem for writing: %s", err) |
58 return | 59 return |
59 } | 60 } |
60 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) | 61 pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) |
61 certOut.Close() | 62 certOut.Close() |
62 log.Print("written cert.pem\n") | 63 log.Print("written cert.pem\n") |
63 | 64 |
64 keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC , 0600) | 65 keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC , 0600) |
65 if err != nil { | 66 if err != nil { |
66 log.Print("failed to open key.pem for writing:", err) | 67 log.Print("failed to open key.pem for writing:", err) |
67 return | 68 return |
68 } | 69 } |
69 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh alPKCS1PrivateKey(priv)}) | 70 pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.Marsh alPKCS1PrivateKey(priv)}) |
70 keyOut.Close() | 71 keyOut.Close() |
71 log.Print("written key.pem\n") | 72 log.Print("written key.pem\n") |
72 } | 73 } |
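Review bot: The private key at new line 28 is still generated with `rsa.GenerateKey(rand.Reader, 1024)`, which this change leaves untouched. A 1024-bit RSA modulus is below what current guidance recommends, and stricter TLS stacks may reject it, so the size should be raised, e.g. `priv, err := rsa.GenerateKey(rand.Reader, 2048)`, or exposed as a flag. Separately, at new lines 66-68 the key.pem failure path uses `log.Print` followed by `return`, so the program exits with status 0 after writing cert.pem but no key; `log.Fatalf("failed to open key.pem for writing: %s", err)` would match the other error paths. The return values of `pem.Encode` and `keyOut.Close()` are also unchecked, so a short or failed write of the private key would still be followed by "written key.pem".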