From fec23dc86f8840e368509159d9c13578d3c33dc4 Mon Sep 17 00:00:00 2001
From: Grégoire Duchêne
Date: Sat, 13 Jun 2020 13:23:43 +0100
Subject: Specify the Authority Key ID and Subject Key ID
---
 main.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/main.go b/main.go
index affb784..5fd8c06 100644
--- a/main.go
+++ b/main.go
@@ -210,6 +210,8 @@ func main() {
 Organization: org,
 OrganizationalUnit: unit,
 },
+ // See RFC 5280§4.2.1.2, a unique value is sufficient.
+ SubjectKeyId: newSerial().Bytes(),
 }
 parentKey := key
 parentCert := tmpl
@@ -232,6 +234,7 @@ func main() {
 if err != nil {
 log.Fatalln("error: could not parse the CA certificate:", err)
 }
+ tmpl.AuthorityKeyId = parentCert.SubjectKeyId
 }
 if tmpl.NotBefore.Before(parentCert.NotBefore) {
 log.Fatalf("error: certificate starts before (%v) its parent (%v)",
-- 
cgit v1.2.3-70-g09d2
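Review bot: The `SubjectKeyId` added in the first hunk is a fresh random value from `newSerial()`, so re-certifying the same key produces a different key identifier, and certificates whose Authority Key ID points at the old value no longer chain to the new one by key ID. RFC 5280 §4.2.1.2 allows any unique value but recommends deriving it from the public key, which keeps the identifier stable for a given key. `newSerial` is not visible in this hunk; if it returns a `*big.Int`, `Bytes()` drops leading zero bytes, so the identifier length can vary and would be empty for a zero value. If the random value is kept, the comment should record the trade-off, e.g. `// Random, not key-derived: the SKI changes whenever this key is re-certified.` main() starts and ends outside the hunk.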
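Review bot: In the second hunk, `tmpl.AuthorityKeyId = parentCert.SubjectKeyId` copies whatever the parsed CA certificate carries, so a CA certificate without a Subject Key ID leaves the issued certificate with no Authority Key ID and no diagnostic. RFC 5280 §4.2.1.1 expects the key identifier in every certificate that is not self-signed, so a warning after the assignment would help operators notice: `if len(parentCert.SubjectKeyId) == 0 { log.Println("warning: CA certificate has no Subject Key ID") }`. If the certificate is later built with `x509.CreateCertificate` using this `parentCert`, the standard library already takes the Authority Key ID from the parent, so the explicit assignment may be redundant; that call is outside the hunk.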