I'm trying to create with Go all-in-one utility that create csr, send it, then (after approving it by security guy) get signed certificate and finally create certificate + private for adding it to browser or system.
For now I can do all till the final cut: adding private to signed certificate. With openssl I can do it by:
openssl pkcs12 -export -out sergo.kurbanov.p12 -in sergo.kurbanov.crt -inkey sergo.kurbanov.key -name "Sergo Kurbanov"
Could anybody suggest the way how to do it in Go?
P.S. I'm use Dogtag Certificate System
I found the decision: unfortunately standard Go pkcs12 library doesn't include needed function but there is version from HashiCorp "github.com/hashicorp/packer/builder/azure/pkcs12" package with needed functionality:
// Read our key created by openssl genrsa -out... or by Go
// rsa.GenerateKey/EncryptPEMBlock...
pemKey,_ := ioutil.ReadFile("private.key")
// Convert pem to rsa key because it required for pkcs12.Encode
var rsaKey *rsa.PrivateKey
rsaKey,_ = dogtag.PemToRSA(pemKey,"our_private_secret")
// Get signed cert from dogtag CMS
var cert *x509.Certificate
cert,_ = dogtag.GetCert("0xF0F05A8")
// Create combined certificate
pfx,_ := pkcs12.Encode(cert.Raw, pemKey, "somesecret")
outFile,_ := os.Create("priv_plus_cert.p12")
defer outFile.Close()
outFile.Write(pfx)
Finally we get certificate suitable for adding to keychain or browser.