Documentation
Overview
Package certsetup with server side creation of a self-signed certificate chain using ECDSA keys. Credits: https://gist.github.com/shaneutt/5e1995295cff6721c89a71d13a71c251
Index
- Constants
- func CreateCertificateBundle(names []string, certFolder string, forceNewCerts bool) error
- func CreateHubCA() (cert *x509.Certificate, key *ecdsa.PrivateKey)
- func CreateHubClientCert(clientID string, ou string, ownerPubKey *ecdsa.PublicKey, ...) (clientCert *x509.Certificate, err error)
- func CreateHubServerCert(names []string, caCert *x509.Certificate, caPrivKey *ecdsa.PrivateKey) (cert *tls.Certificate, err error)
Constants
const CertOrgLocality = "WoST zone"
const CertOrgName = "WoST"
CertOrgName is the certificate organization name
const DefaultCertDurationDays = 365
const DefaultPluginClientID = "plugin"
DefaultPluginClientID in the certificate is standard for all plugins
const TempCertDurationDays = 1
Variables
This section is empty.
Functions
func CreateCertificateBundle
func CreateCertificateBundle(names []string, certFolder string, forceNewCerts bool) error
CreateCertificateBundle is a convenience function that creates the Hub CA, server and (plugin) client certificates in the given folder.
The CA certificate is only created if it is missing.
The plugin keys and certificate are recreated if forceNewCerts is true.
The service keys and certificate are recreated if forceNewCerts is true.
names contains the list of hostnames and IP addresses the hub can be reached at; used in the hub certificate.
certFolder is the folder in which to create the certificates.
forceNewCerts generates new client and server certificates, signed by the CA.
func CreateHubCA
func CreateHubCA() (cert *x509.Certificate, key *ecdsa.PrivateKey)
CreateHubCA creates the WoST Hub Root CA certificate and private key for signing server certificates. Source: https://shaneutt.com/blog/golang-ca-and-signed-cert-go/
This creates a CA certificate used for signing client and server certificates. The CA is valid for 'caDurationYears'.
temporary: set to generate a temporary CA for one-off signing.
func CreateHubClientCert
func CreateHubClientCert(clientID string, ou string, ownerPubKey *ecdsa.PublicKey, caCert *x509.Certificate, caPrivKey *ecdsa.PrivateKey, start time.Time, durationDays int) (clientCert *x509.Certificate, err error)
CreateHubClientCert creates a hub client certificate for mutual authentication from the client's public key. The client role is intended for role-based authorization; it is stored in the certificate's OrganizationalUnit. See OUxxx.
This generates a TLS client certificate with keys
clientID is used as the CommonName, e.g. pluginID or deviceID.
ou is the client role, e.g. OUNone, OUClient, OUPlugin.
ownerPubKey is the public key of the certificate holder.
caCert is the CA's certificate for signing.
caPrivKey is the CA's ECDSA key for signing.
start is the time the certificate is first valid. Intended for testing; use time.Now().
durationDays is the number of days the certificate will be valid.
Returns the signed TLS certificate or error
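As an added example (not the package's own code), the CA and client-certificate flow that CreateHubCA and CreateHubClientCert describe, together with the Hub-side check that makes the OU role trustworthy: the CA signs only the holder's public key, and a certificate that does not chain to the Hub CA, is outside its validity window, or lacks client-auth usage yields no role at all. The names genKey, sign, newCA, newClientCert and clientRole, and the template field choices, are assumptions, not the package's API.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
func genKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) } // P-256 pair for CA or holder
// sign issues tmpl for pub under parent/priv and parses the DER back into a certificate.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// newCA self-signs a root for caKey (assumed stand-in for CreateHubCA, not the package's code).
func newCA(caKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		Subject:      pkix.Name{Organization: []string{"WoST"}, CommonName: "Hub CA"},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, 365),
	}
	return sign(tmpl, tmpl, &caKey.PublicKey, caKey) // self-signed: the parent is the template itself
}
// newClientCert mirrors CreateHubClientCert: the CA signs only the holder's public key and the role goes in OU.
func newClientCert(clientID, ou string, ownerPub *ecdsa.PublicKey, ca *x509.Certificate, caKey *ecdsa.PrivateKey, start time.Time, days int) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: start, NotAfter: start.AddDate(0, 0, days),
		Subject:      pkix.Name{Organization: []string{"WoST"}, OrganizationalUnit: []string{ou}, CommonName: clientID},
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return sign(tmpl, ca, ownerPub, caKey)
}
// clientRole is the Hub-side check: chain to the Hub CA, validity window and client-auth usage are verified before the OU is trusted as the role.
func clientRole(cert, ca *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err // unknown authority, expired or not a client certificate: no role
	}
	if len(cert.Subject.OrganizationalUnit) != 1 {
		return "", errors.New("client certificate must carry exactly one role OU")
	}
	return cert.Subject.OrganizationalUnit[0], nil
}
```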
func CreateHubServerCert
func CreateHubServerCert(names []string, caCert *x509.Certificate, caPrivKey *ecdsa.PrivateKey) (cert *tls.Certificate, err error)
CreateHubServerCert creates a new Hub service certificate and private key. The certificate is valid for the given names, either local domain names or IP addresses. The server must have a fixed IP.
names contains one or more domain names and/or IP addresses the Hub can be reached on, to add to the certificate.
caCert is the CA to sign the server certificate.
caPrivKey is the CA private key to sign the server certificate.
returns the signed Server TLS certificate
Types
This section is empty.