1 // Generates self-signed TLS certificates to be used in a DCS production
18 func generatecert(dir
string) error
{
19 priv
, err
:= rsa
.GenerateKey(rand
.Reader
, 2048)
21 return fmt
.Errorf("failed to generate private key: %s", err
)
24 notBefore
:= time
.Now()
25 notAfter
:= notBefore
.Add(10 * 365 * 24 * time
.Hour
)
27 serialNumberLimit
:= new(big
.Int
).Lsh(big
.NewInt(1), 128)
28 serialNumber
, err
:= rand
.Int(rand
.Reader
, serialNumberLimit
)
30 return fmt
.Errorf("failed to generate serial number: %s", err
)
33 template
:= x509
.Certificate
{
34 SerialNumber
: serialNumber
,
36 Organization
: []string{"Debian Code Search"},
38 DNSNames
: []string{"localhost"},
42 KeyUsage
: x509
.KeyUsageKeyEncipherment | x509
.KeyUsageDigitalSignature | x509
.KeyUsageCertSign
,
44 BasicConstraintsValid
: true,
47 derBytes
, err
:= x509
.CreateCertificate(rand
.Reader
, &template
, &template
, &priv
.PublicKey
, priv
)
49 return fmt
.Errorf("Failed to create certificate: %s", err
)
52 certOut
, err
:= os
.Create(filepath
.Join(dir
, "cert.pem"))
54 return fmt
.Errorf("failed to open cert.pem for writing: %s", err
)
56 pem
.Encode(certOut
, &pem
.Block
{Type
: "CERTIFICATE", Bytes
: derBytes
})
59 keyOut
, err
:= os
.OpenFile(filepath
.Join(dir
, "key.pem"), os
.O_WRONLY|os
.O_CREATE|os
.O_TRUNC
, 0600)
61 return fmt
.Errorf("failed to open key.pem for writing:", err
)
63 pem
.Encode(keyOut
, &pem
.Block
{Type
: "RSA PRIVATE KEY", Bytes
: x509
.MarshalPKCS1PrivateKey(priv
)})