Home > Backend Development > Golang > Create CSR with specific topic order in go

Create CSR with specific topic order in go

WBOY
Release: 2024-02-13 13:33:08
forward
1270 people have browsed it

在 go 中创建具有特定主题顺序的 CSR

In Go language, creating a CSR (Certificate Signing Request) with a specific subject order is an important task. A CSR is a file used to apply for a digital certificate from a Certificate Authority (CA). By creating the CSR correctly, we can ensure that the subjects in the certificate (such as domain name, organization name, etc.) are ordered according to our requirements. In Go language, we can use x509 package to create and process CSR. In this article, php editor Xiaoxin will introduce you to the detailed steps to help you easily create a CSR with a specific theme order in Go.

Question content

I'm trying to create a certificate signing request in go using the cryptographic library. The CSR generated by has the subject "Subject: C = IN, L = loc, O = Example Org, OU = OU1 OU = OU2, CN = example.com". I want to change the order of the topics to "Topics: C=IN, O=Example Org, OU=OU1 OU=OU2, L=loc, CN=example.com".

I generated the CSR using the following code.

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
    "os"
)

func main() {
    privKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            Country:            []string{"IN"},
            Organization:       []string{"Example Org"},
            OrganizationalUnit: []string{"OU1", "OU2"},
            Locality:           []string{"loc"},
            CommonName:         "example.com",
        },
        EmailAddresses: []string{"[email protected]"},
    }

    csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrPem := pem.EncodeToMemory(&pem.Block{
        Type:  "CERTIFICATE REQUEST",
        Bytes: csrBytes,
    })

    fmt.Println(string(csrPem))
}
Copy after login

This code generates a CSR with the subject "Subject: C = IN, L = loc, O = Example Organization, OU = OU1 OU = OU2, CN = example.com". I can generate a CSR

with the desired topic order using the openssl command below
openssl req -new -sha256 -key my-private-key.pem -out my-csr1.pem -subj '/C=IN/O=Org/OU=OU1/OU=OU2/L=loc/CN=example.com'
Copy after login

How to do the same thing in Go?

Workaround

I'm not sure why you want to put the RDNs in the topic in this specific order. In my opinion, any software that relies on a specific order is somewhat broken. Of course, broken software exists, and sometimes the only way is to fix it.

There is also a way to do this using golang. But you can't simply use the matching field names in pkix.Name because those names will be serialized in a fixed order. To get your own order you need to use ExtraNames and then provide the RDNs in the order you need:

var (
        oidCountry            = []int{2, 5, 4, 6}
        oidOrganization       = []int{2, 5, 4, 10}
        oidOrganizationalUnit = []int{2, 5, 4, 11}
        oidCommonName         = []int{2, 5, 4, 3}
        oidLocality           = []int{2, 5, 4, 7}
    )
    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            ExtraNames: []pkix.AttributeTypeAndValue{
                { oidCountry, "IN" },
                { oidOrganization, "Example Org" },
                { oidOrganizationalUnit, "OU1" },
                { oidOrganizationalUnit, "OU2" },
                { oidLocality, "loc" },
                { oidCommonName, "example.com" },
            },
        },
        EmailAddresses: []string{"<a href="https://www.php.cn/link/89fee0513b6668e555959f5dc23238e9" class="__cf_email__" data-cfemail="4b3f2e383f0b2e332a263b272e65282426">[email&#160;protected]</a>"},
    }
Copy after login

The above is the detailed content of Create CSR with specific topic order in go. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:stackoverflow.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template