Create CSR with specific topic order in go

In Go language, creating a CSR (Certificate Signing Request) with a specific subject order is an important task. A CSR is a file used to apply for a digital certificate from a Certificate Authority (CA). By creating the CSR correctly, we can ensure that the subjects in the certificate (such as domain name, organization name, etc.) are ordered according to our requirements. In Go language, we can use x509 package to create and process CSR. In this article, php editor Xiaoxin will introduce you to the detailed steps to help you easily create a CSR with a specific theme order in Go.

Question content

I'm trying to create a certificate signing request in go using the cryptographic library. The CSR generated by has the subject "Subject: C = IN, L = loc, O = Example Org, OU = OU1 OU = OU2, CN = example.com". I want to change the order of the topics to "Topics: C=IN, O=Example Org, OU=OU1 OU=OU2, L=loc, CN=example.com".

I generated the CSR using the following code.

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
    "os"
)

func main() {
    privKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            Country:            []string{"IN"},
            Organization:       []string{"Example Org"},
            OrganizationalUnit: []string{"OU1", "OU2"},
            Locality:           []string{"loc"},
            CommonName:         "example.com",
        },
        EmailAddresses: []string{"[email protected]"},
    }

    csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrPem := pem.EncodeToMemory(&pem.Block{
        Type:  "CERTIFICATE REQUEST",
        Bytes: csrBytes,
    })

    fmt.Println(string(csrPem))
}

This code generates a CSR with the subject "Subject: C = IN, L = loc, O = Example Organization, OU = OU1 OU = OU2, CN = example.com". I can generate a CSR

with the desired topic order using the openssl command below

openssl req -new -sha256 -key my-private-key.pem -out my-csr1.pem -subj '/C=IN/O=Org/OU=OU1/OU=OU2/L=loc/CN=example.com'

How to do the same thing in Go?

Workaround

I'm not sure why you want to put the RDNs in the topic in this specific order. In my opinion, any software that relies on a specific order is somewhat broken. Of course, broken software exists, and sometimes the only way is to fix it.

There is also a way to do this using golang. But you can't simply use the matching field names in pkix.Name because those names will be serialized in a fixed order. To get your own order you need to use ExtraNames and then provide the RDNs in the order you need:

var (
        oidCountry            = []int{2, 5, 4, 6}
        oidOrganization       = []int{2, 5, 4, 10}
        oidOrganizationalUnit = []int{2, 5, 4, 11}
        oidCommonName         = []int{2, 5, 4, 3}
        oidLocality           = []int{2, 5, 4, 7}
    )
    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            ExtraNames: []pkix.AttributeTypeAndValue{
                { oidCountry, "IN" },
                { oidOrganization, "Example Org" },
                { oidOrganizationalUnit, "OU1" },
                { oidOrganizationalUnit, "OU2" },
                { oidLocality, "loc" },
                { oidCommonName, "example.com" },
            },
        },
        EmailAddresses: []string{"<a href="https://www.php.cn/link/89fee0513b6668e555959f5dc23238e9" class="__cf_email__" data-cfemail="4b3f2e383f0b2e332a263b272e65282426">[email&#160;protected]</a>"},
    }

The above is the detailed content of Create CSR with specific topic order in go. For more information, please follow other related articles on the PHP Chinese website!