关于golang:golang生成TLS证书

间接上代码

package mainimport (    "crypto/rand"    "crypto/rsa"    "crypto/x509"    "crypto/x509/pkix"    "encoding/pem"    "math/big"    "net"    "os"    "time")func main() {    max := new(big.Int).Lsh(big.NewInt(1), 128)    serialNumber, _ := rand.Int(rand.Reader, max)    subject := pkix.Name{        Country:            []string{"CN"},        Province:           []string{"BeiJing"},        Organization:       []string{"Devops"},        OrganizationalUnit: []string{"certDevops"},        CommonName:         "127.0.0.1",    }    template := x509.Certificate{        SerialNumber: serialNumber,        Subject:      subject,        NotBefore:    time.Now(),        NotAfter:     time.Now().Add(365 * 24 * time.Hour),        KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,        ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},        IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},    }    pk, _ := rsa.GenerateKey(rand.Reader, 2048)    derBytes, _ := x509.CreateCertificate(rand.Reader, &template, &template, &pk.PublicKey, pk)    certOut, _ := os.Create("server.pem")    pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})    certOut.Close()    keyOut, _ := os.Create("server.key")    pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(pk)})    keyOut.Close()}

下面代码生成了一个证书和私钥，有效期为 1 年。运行程序，失去两个文件server.pem和server.key。