spki = spki[:20]
cerTmpl := x509.Certificate{
- KeyUsage: x509.KeyUsageDigitalSignature,
NotBefore: notBefore,
NotAfter: notAfter,
SerialNumber: sn,
SubjectKeyId: spki,
}
if *ca {
+ cerTmpl.BasicConstraintsValid = true
cerTmpl.IsCA = true
- cerTmpl.KeyUsage |= x509.KeyUsageCertSign
+ cerTmpl.KeyUsage = x509.KeyUsageCertSign
} else {
cerTmpl.DNSNames = []string{*cn}
+ cerTmpl.KeyUsage = x509.KeyUsageDigitalSignature
}
if caCer == nil {
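Review bot: The CA branch now emits basicConstraints but sets no path length limit, because neither `MaxPathLen` nor `MaxPathLenZero` is assigned on `cerTmpl` in the visible lines. Go treats that combination as "no constraint", so the CA's chain depth is unbounded. If CAs produced by this tool are meant to issue only end-entity certificates, add `cerTmpl.MaxPathLenZero = true` next to `cerTmpl.IsCA = true`. Switching from `|=` to `=` also leaves the CA with `x509.KeyUsageCertSign` alone, so `x509.KeyUsageCRLSign` would have to be added if these CAs are ever expected to sign CRLs. The enclosing function starts and ends outside the hunk, so a later assignment to the template may exist that is not visible here.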
&cerTmpl, caCer, pub,
&gost3410.PrivateKeyReverseDigest{Prv: caPrv.(*gost3410.PrivateKey)},
)
+ if err != nil {
+ log.Fatalln(err)
+ }
data = pem.EncodeToMemory(&pem.Block{Type: PEMCer, Bytes: data})
if *outCer == "" {
_, err = os.Stdout.Write(data)
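Review bot: The new `err` check covers the certificate-creation call, but the single-value assertion `caPrv.(*gost3410.PrivateKey)` two lines above it still panics if the loaded CA key has a different type. Presumably `caPrv` comes from a user-supplied key file, so a wrong key type would produce a runtime panic and stack trace rather than a clean failure. Use the two-value form before the call: `prv, ok := caPrv.(*gost3410.PrivateKey)` followed by `if !ok { log.Fatalln("CA private key is not a GOST R 34.10 key") }`. Adding context to the new check, e.g. `log.Fatalln("creating certificate:", err)`, would also make the failure easier to attribute. The call and the function around it begin outside the hunk.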