使用golang生成证书

在k8s的源码里看的,记录一下

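package main

import (
	"bytes"
	cryptorand "crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"log"
	"math/big"
	"net"
	"time"
)

// main generates a demonstration self-signed certificate and prints the
// PEM-encoded certificate followed by the PEM-encoded private key.
func main() {
	// net.ParseIP returns a real 4- or 16-byte address. Converting the dotted
	// string with []byte(...) would instead put its ASCII bytes into the IP SAN,
	// which is not a valid address.
	ip := net.ParseIP("192.168.100.1")
	alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"}

	cert, key, err := GenerateSelfSignedCertKey("10.10.10.10", []net.IP{ip}, alternateDNS)
	if err != nil {
		log.Fatalf("generating self-signed certificate: %v", err)
	}

	// The private key is printed unencrypted next to the certificate for
	// demonstration only. Outside a demo, write it to a file readable only by
	// the owning process and keep it out of logs and terminals.
	fmt.Println(string(cert), string(key))
}

// GenerateSelfSignedCertKey creates a 2048-bit RSA key and a self-signed
// certificate for host that is valid for one year from the time of the call.
//
// host is added as an IP SAN when it parses as an IP address and as a DNS SAN
// otherwise. alternateIPs and alternateDNS are appended as further SANs. Every
// entry of alternateIPs must be a valid IPv4 or IPv6 address.
//
// It returns the PEM-encoded certificate ("CERTIFICATE") and the PEM-encoded,
// unencrypted PKCS#1 private key ("RSA PRIVATE KEY"), or an error.
func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
	// Reject malformed addresses before the expensive key generation. An IP
	// whose length is not 4 or 16 bytes would otherwise be written into the
	// certificate as-is.
	for i, ip := range alternateIPs {
		if ip.To16() == nil {
			return nil, nil, fmt.Errorf("alternate IP %d is not a valid IPv4 or IPv6 address", i)
		}
	}

	priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}

	// Use a random serial number instead of a constant one, so certificates
	// created by repeated calls cannot be confused with each other by serial.
	serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serial, err := cryptorand.Int(cryptorand.Reader, serialLimit)
	if err != nil {
		return nil, nil, err
	}
	serial.Add(serial, big.NewInt(1)) // keep the serial strictly positive

	// Read the clock once so the subject timestamp and validity window agree.
	now := time.Now()

	template := x509.Certificate{
		SerialNumber: serial,
		Subject: pkix.Name{
			CommonName: fmt.Sprintf("%s@%d", host, now.Unix()),
		},
		NotBefore: now,
		NotAfter:  now.Add(time.Hour * 24 * 365),

		// The certificate is marked as a CA and allowed to sign certificates.
		// Whoever holds the private key can therefore issue further
		// certificates that chain to this one, so a client that trusts this
		// certificate is trusting the key holder with that ability as well.
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}

	if ip := net.ParseIP(host); ip != nil {
		template.IPAddresses = append(template.IPAddresses, ip)
	} else {
		template.DNSNames = append(template.DNSNames, host)
	}
	template.IPAddresses = append(template.IPAddresses, alternateIPs...)
	template.DNSNames = append(template.DNSNames, alternateDNS...)

	// Self-signed: the template is both the certificate and its issuer.
	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}

	// PEM-encode the certificate.
	certBuffer := bytes.Buffer{}
	if err := pem.Encode(&certBuffer, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
		return nil, nil, err
	}

	// PEM-encode the private key. The block is not encrypted.
	keyBuffer := bytes.Buffer{}
	if err := pem.Encode(&keyBuffer, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
		return nil, nil, err
	}

	return certBuffer.Bytes(), keyBuffer.Bytes(), nil
}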


