Created
April 30, 2023 11:11
-
-
Save ahmetozer/119049b6562389e8718d416cd2ed6a2e to your computer and use it in GitHub Desktop.
openvpn certificate creation with golang
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/x509" | |
| "crypto/x509/pkix" | |
| "encoding/pem" | |
| "log" | |
| "math/big" | |
| "os" | |
| "time" | |
| ) | |
| func main() { | |
| ca := &x509.Certificate{ | |
| SerialNumber: big.NewInt(2023), | |
| Subject: pkix.Name{ | |
| Organization: []string{"Company, INC."}, | |
| Country: []string{"TR"}, | |
| Province: []string{"Istanbul"}, | |
| Locality: []string{"Kadikoy"}, | |
| StreetAddress: []string{"Bağdat Cad. No: 292/16"}, | |
| PostalCode: []string{"34728"}, | |
| CommonName: "openvpn-ca-cert", | |
| }, | |
| NotBefore: time.Now().UTC(), | |
| NotAfter: time.Now().AddDate(10, 0, 0), | |
| IsCA: true, | |
| ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, | |
| KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, | |
| BasicConstraintsValid: true, | |
| } | |
| // create ca private and public key | |
| caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| // create the CA | |
| caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| caKeyPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "RSA PRIVATE KEY", | |
| Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey), | |
| }) | |
| caCertPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "CERTIFICATE", | |
| Bytes: caBytes, | |
| }) | |
| err = os.WriteFile("ca.crt", caCertPem, 0600) | |
| if err != nil { | |
| log.Fatalf("ca cert err %s", err) | |
| } | |
| err = os.WriteFile("ca.key", caKeyPem, 0600) | |
| if err != nil { | |
| log.Fatalf("ca pem err %s", err) | |
| } | |
| //? Create cert for server side | |
| serverCert := &x509.Certificate{ | |
| SerialNumber: big.NewInt(2023), | |
| Subject: pkix.Name{ | |
| Organization: []string{"Company, INC."}, | |
| Country: []string{"TR"}, | |
| Province: []string{"Mugla"}, | |
| Locality: []string{"Marmaris"}, | |
| StreetAddress: []string{"Barbaros"}, | |
| PostalCode: []string{"48700"}, | |
| CommonName: "openvpn-server-cert", | |
| }, | |
| NotBefore: time.Now().UTC(), | |
| NotAfter: time.Now().AddDate(10, 0, 0).UTC(), | |
| SubjectKeyId: []byte{1, 2, 3, 4, 6}, | |
| ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, | |
| KeyUsage: x509.KeyUsageDigitalSignature, | |
| } | |
| serverCertPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| serverCertBytes, err := x509.CreateCertificate(rand.Reader, serverCert, ca, &serverCertPrivKey.PublicKey, caPrivKey) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| serverKeyPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "RSA PRIVATE KEY", | |
| Bytes: x509.MarshalPKCS1PrivateKey(serverCertPrivKey), | |
| }) | |
| serverCertPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "CERTIFICATE", | |
| Bytes: serverCertBytes, | |
| }) | |
| err = os.WriteFile("server.key", serverKeyPem, 0600) | |
| if err != nil { | |
| log.Fatalf("ca err %s", err) | |
| } | |
| err = os.WriteFile("server.crt", serverCertPem, 0600) | |
| if err != nil { | |
| log.Fatalf("ca err %s", err) | |
| } | |
| //? Create cert for client side | |
| clientCert := &x509.Certificate{ | |
| SerialNumber: big.NewInt(2023), | |
| Subject: pkix.Name{ | |
| Organization: []string{"Company, INC."}, | |
| Country: []string{"TR"}, | |
| Province: []string{"Istanbul"}, | |
| Locality: []string{"Besiktas"}, | |
| StreetAddress: []string{"Ciragan cad"}, | |
| PostalCode: []string{"34349"}, | |
| CommonName: "ahmet.ozer@localhost", | |
| }, | |
| NotBefore: time.Now().UTC(), | |
| NotAfter: time.Now().AddDate(10, 0, 0).UTC(), | |
| SubjectKeyId: []byte{1, 2, 3, 4, 6}, | |
| ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, | |
| KeyUsage: x509.KeyUsageDigitalSignature, | |
| Issuer: ca.Issuer, | |
| } | |
| clientCertPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| clientCertBytes, err := x509.CreateCertificate(rand.Reader, clientCert, ca, &clientCertPrivKey.PublicKey, caPrivKey) | |
| if err != nil { | |
| log.Fatalf("%s", err) | |
| } | |
| clientKeyPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "RSA PRIVATE KEY", | |
| Bytes: x509.MarshalPKCS1PrivateKey(clientCertPrivKey), | |
| }) | |
| clientCertPem := pem.EncodeToMemory(&pem.Block{ | |
| Type: "CERTIFICATE", | |
| Bytes: clientCertBytes, | |
| }) | |
| err = os.WriteFile("client.key", clientKeyPem, 0600) | |
| if err != nil { | |
| log.Fatalf("client key err %s", err) | |
| } | |
| err = os.WriteFile("client.crt", clientCertPem, 0600) | |
| if err != nil { | |
| log.Fatalf("client cert err %s", err) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment