Development issues:
How to find out which types implement which interface in Golang?
How does you quickly find the implementation (s) of a interface in Golang?
Ctrl + alt+b
Ctrl +b Show Usage
Certificate Issue 1:
2018/03/09 10:44:13 check userEcaCert signature: x509: invalid signature: parent certificate cannot sign this kind of certificate
Solve:
ecaCert.BasicConstraintsValid = trueecaCert.IsCA = trueecaCert.KeyUsage = x509.KeyUsageCertSign
Certificate Issue 2:
The root certificate, the second level certificate, the third level certificate all can pass the HTTPS authentication to need to add above three parameters
D:\PROJECT>SERVER.EXE2018/03/13 09:38:39 http:tls handshake error from 127.0.0.1:56660: Tls:failed to verify client's certificate:x509:certificate signed by unknown authority (possibly because of "X509:inva Lid signature:parent Certificate Cannot sign the kind of certificate "while trying to verify candidate authority Certifi Cate "Usechaineca") Cert: = &x509. certificate{Serialnumber:big. Newint (1658), Subject:pkix. name{Country: []string{"CN"}, Organization: []string{"Usechaineca"}, OrganizationalUnit: []string{"ECA"},}, Notbefore:time. Now (), Notafter:time. Now (). Adddate (10,0,0), Subjectkeyid: []byte{1,2,3,4,6}, Extkeyusage: []x509. extkeyusage{x509. Extkeyusageclientauth, X509. Extkeyusageserverauth}, Basicconstraintsvalid:true, Isca:true, keyusage:x509. keyusagedigitalsignature|x509. Keyusagecertsign,}
If it is generated by OpenSSL, the client certificate needs to be changed to the following format:
openssl genrsa -out client.key 2048openssl req -new -key client.key -subj "/CN=client" -out client.csropenssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 5000改成:openssl genrsa -out client.key 2048openssl req -new -key client.key -subj "/CN=client" -out client.csrecho extendedKeyUsage=clientAuth > extfile.confopenssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.conf -out client.crt -days 5000