Specify the Authority Key ID and Subject Key ID

author: Grégoire Duchêne <gduchene@awhk.org> 2020-06-13 13:23:43 +0100
committer: Grégoire Duchêne <gduchene@awhk.org> 2020-06-13 13:23:43 +0100
commit: fec23dc86f8840e368509159d9c13578d3c33dc4 (patch)
tree: 4ebb832733d63246fcc57627abe0b28e2d75ec33
parent: 6365f95d7b0fac8d583af2617f33cd43929b0eb5 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/main.go b/main.go
index affb784..5fd8c06 100644
--- a/main.go
+++ b/main.go
@@ -210,6 +210,8 @@ func main() {
 			Organization:       org,
 			OrganizationalUnit: unit,
 		},
+		// See RFC 5280§4.2.1.2, a unique value is sufficient.
+		SubjectKeyId: newSerial().Bytes(),
 	}
 	parentKey := key
 	parentCert := tmpl
@@ -232,6 +234,7 @@ func main() {
 		if err != nil {
 			log.Fatalln("error: could not parse the CA certificate:", err)
 		}
+		tmpl.AuthorityKeyId = parentCert.SubjectKeyId
 	}
 	if tmpl.NotBefore.Before(parentCert.NotBefore) {
 		log.Fatalf("error: certificate starts before (%v) its parent (%v)",
author	Grégoire Duchêne <gduchene@awhk.org>	2020-06-13 13:23:43 +0100
committer	Grégoire Duchêne <gduchene@awhk.org>	2020-06-13 13:23:43 +0100
commit	fec23dc86f8840e368509159d9c13578d3c33dc4 (patch)
tree	4ebb832733d63246fcc57627abe0b28e2d75ec33
parent	6365f95d7b0fac8d583af2617f33cd43929b0eb5 (diff)