I am trying to create a certificate signing request in Go using the crypto lib. The problem is it generates the CSR with OU separated by +, i.e.
Subject: O = Example Org, OU = OU1 + OU = OU2, CN = example.com
How can I generate the CSR with OU separated by , like
Subject: O = Example Org, OU = OU1, OU = OU2, CN = example.com
Producing OU separated by + seems to be the default behaviour of the crypto lib. Can this be done using the crypto lib? If not, is there any other lib that can generate a CSR with OU separated by , ?
I tried generating the CSR using the code below:
```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"os"
)

func main() {
	privKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	csrTemplate := x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:         "example.com",
			Organization:       []string{"Example Org"},
			OrganizationalUnit: []string{"OU1", "OU2"},
		},
		EmailAddresses: []string{"test@example.com"},
	}

	csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	csrPem := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE REQUEST",
		Bytes: csrBytes,
	})
	fmt.Println(string(csrPem))
}
```
The standard library crypto/x509 in Go uses the pkix.Name type for specifying distinguished names in certificates and certificate requests. The OrganizationalUnit field of pkix.Name is a slice of strings, and the order in which you provide the organizational units (OU) will determine the order in the generated CSR.
Here’s how you can modify your code to have organizational units separated by commas:
```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"os"
	"strings"
)

func main() {
	privKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	csrTemplate := x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:         "example.com",
			Organization:       []string{"Example Org"},
			OrganizationalUnit: []string{"OU1", "OU2"},
		},
		EmailAddresses: []string{"test@example.com"},
	}

	// Modify the OrganizationalUnit field to join units with commas
	csrTemplate.Subject.OrganizationalUnit = []string{strings.Join(csrTemplate.Subject.OrganizationalUnit, ", ")}

	csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	csrPem := pem.EncodeToMemory(&pem.Block{
		Type:  "CERTIFICATE REQUEST",
		Bytes: csrBytes,
	})
	fmt.Println(string(csrPem))
}
```
In this modification, I use strings.Join to concatenate the organizational units with commas before assigning it back to the OrganizationalUnit field of the pkix.Name struct. This should generate the CSR with organizational units separated by commas.
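The following is an added example, not code from the question or the answer. `pkix.Name` encodes all `OrganizationalUnit` values as one multi-valued RDN (the `+` in the printed subject); to place each OU in its own RDN, this sketch builds the `pkix.RDNSequence` by hand and passes its DER encoding in `RawSubject`, which `x509.CreateCertificateRequest` uses in place of `Subject` when it is set. The helper names `rdn` and `buildCSR` are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/pem"
	"log"
	"os"
)

// X.520 attribute type OIDs for O, OU and CN.
var oidO = asn1.ObjectIdentifier{2, 5, 4, 10}
var oidOU = asn1.ObjectIdentifier{2, 5, 4, 11}
var oidCN = asn1.ObjectIdentifier{2, 5, 4, 3}

// rdn returns an RDN that holds exactly one attribute.
func rdn(oid asn1.ObjectIdentifier, v string) pkix.RelativeDistinguishedNameSET {
	return pkix.RelativeDistinguishedNameSET{{Type: oid, Value: v}}
}

// buildCSR (hypothetical helper) gives every OU its own RDN and returns the CSR in DER.
func buildCSR(org string, ous []string, cn string) ([]byte, error) {
	seq := pkix.RDNSequence{rdn(oidO, org)}
	for _, ou := range ous {
		seq = append(seq, rdn(oidOU, ou))
	}
	seq = append(seq, rdn(oidCN, cn))
	rawSubject, err := asn1.Marshal(seq)
	if err != nil {
		return nil, err
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	// A non-empty RawSubject is used as-is instead of Subject.
	tmpl := x509.CertificateRequest{RawSubject: rawSubject}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
}

func main() {
	der, err := buildCSR("Example Org", []string{"OU1", "OU2"}, "example.com")
	if err != nil {
		log.Fatal(err)
	}
	pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}
```

A CA that matches subjects against a policy compares the RDN structure, not only the attribute values, so check the result against what the issuing CA expects before submitting.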