Go

Go: create a CSR file

Gabriele Romanato
By Gabriele Romanato Published: August 20, 2023
Go: create a CSR file

In this article, we will explore how to generate a CSR file using the Go programming language.

A Certificate Signing Request (CSR) is a cryptographic file used to request the signing of a Secure Socket Layer (SSL) certificate from a certificate authority (CA). SSL certificates are essential for establishing secure connections on the Internet and ensuring that information exchanged between a server and a client is encrypted and protected. In this article, we will explore how to generate a CSR file using the Go programming language.

A CSR, or Certificate Signing Request, is a request sent to a certificate authority to obtain a digital certificate. This certificate is essential for establishing the security of online communications, such as HTTPS connections. The certificate contains the applicants public key and some identifying information. The certification authority signs the certificate with its private key, guaranteeing the authenticity of the information contained.

A CSR requires a private key. Using Gos crypto/rsa package, you can generate a private key as follows: 


package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "encoding/pem"
    "os"
)

func main() {
    privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        panic(err)
    }

    privateKeyFile, err := os.Create("private-key.pem")
    if err != nil {
        panic(err)
    }
    defer privateKeyFile.Close()

    privateKeyBlock := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
    err = pem.Encode(privateKeyFile, privateKeyBlock)
    if err != nil {
        panic(err)
    }
}

This code will generate a 2048 bit RSA private key and save it in a file called private-key.pem .

Once the private key is generated, the CSR can be created using the crypto/x509 package: 


package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "encoding/pem"
    "os"
)

func main() {
    // ... codice per la generazione della chiave privata ...

    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            CommonName: "example.com",
        },
        DNSNames: []string{"example.com", "www.example.com"},
    }

    csrDER, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privateKey)
    if err != nil {
        panic(err)
    }

    csrFile, err := os.Create("csr.pem")
    if err != nil {
        panic(err)
    }
    defer csrFile.Close()

    csrBlock := &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}
    err = pem.Encode(csrFile, csrBlock)
    if err != nil {
        panic(err)
    }
}

In this example, an x509.CertificateRequest object was created to define CSR information, such as the root domain name and alternate domain names. The code will then generate the CSR and save it in a file called csr.pem .

Conclusions

Generating a CSR is an essential step in obtaining an SSL certificate from a certificate authority. Using the Go programming language and the cryptographic libraries offered by its standard library, a CSR file and associated private key can be easily generated. This process is essential to ensure the security of online communications and the protection of sensitive information exchanged between servers and clients.

Gabriele Romanato
Gabriele Romanato

Full Stack web developer with JavaScript, PHP, Python and Java. Creating apps and websites with Node.js, Laravel, Flask, Django, Spring Boot and React. Working online since 2008.