|
@@ -4,9 +4,8 @@
|
4
|
4
|
package mkcerts
|
5
|
5
|
|
6
|
6
|
import (
|
7
|
|
- "crypto/ecdsa"
|
8
|
|
- "crypto/elliptic"
|
9
|
7
|
"crypto/rand"
|
|
8
|
+ "crypto/rsa"
|
10
|
9
|
"crypto/x509"
|
11
|
10
|
"crypto/x509/pkix"
|
12
|
11
|
"encoding/pem"
|
|
@@ -23,7 +22,10 @@ func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []
|
23
|
22
|
validFor := 365 * 24 * time.Hour
|
24
|
23
|
notAfter := validFrom.Add(validFor)
|
25
|
24
|
|
26
|
|
- priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
|
|
25
|
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
26
|
+ if err != nil {
|
|
27
|
+ return
|
|
28
|
+ }
|
27
|
29
|
|
28
|
30
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
29
|
31
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
@@ -59,11 +61,11 @@ func CreateCertBytes(orgName string, host string) (certBytes []byte, keyBytes []
|
59
|
61
|
|
60
|
62
|
certBytes = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
61
|
63
|
|
62
|
|
- b, err := x509.MarshalECPrivateKey(priv)
|
|
64
|
+ b, err := x509.MarshalPKCS8PrivateKey(priv)
|
63
|
65
|
if err != nil {
|
64
|
|
- return nil, nil, fmt.Errorf("Unable to marshal ECDSA private key: %v", err.Error())
|
|
66
|
+ return nil, nil, fmt.Errorf("Unable to marshal private key: %v", err.Error())
|
65
|
67
|
}
|
66
|
|
- pemBlock := pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
|
|
68
|
+ pemBlock := pem.Block{Type: "PRIVATE KEY", Bytes: b}
|
67
|
69
|
keyBytes = pem.EncodeToMemory(&pemBlock)
|
68
|
70
|
return certBytes, keyBytes, nil
|
69
|
71
|
}
|