小能豆

Create a CSR with OU separated by comma instead of plus character

go

I am trying to create a certificate signing request in Go using the crypto lib. The problem is that it generates the CSR with the OUs separated by +, i.e.

Subject: O = Example Org, OU = OU1 + OU = OU2, CN = example.com

How can I generate the CSR with OU separated by , like

Subject: O = Example Org, OU = OU1, OU = OU2, CN = example.com

Producing OUs separated by + seems to be the default behaviour of the crypto lib. Can this be done using the crypto lib? If not, is there any other lib that can generate a CSR with the OUs separated by , ?

I tried generating the CSR using the code below:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
    "os"
)

func main() {
    privKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            CommonName:         "example.com",
            Organization:       []string{"Example Org"},
            OrganizationalUnit: []string{"OU1", "OU2"},
        },
        EmailAddresses: []string{"test@example.com"},
    }

    csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrPem := pem.EncodeToMemory(&pem.Block{
        Type:  "CERTIFICATE REQUEST",
        Bytes: csrBytes,
    })

    fmt.Println(string(csrPem))
}

Views: 76

2023-12-20

1 answer

小能豆

The standard library crypto/x509 in Go uses the pkix.Name type for specifying distinguished names in certificates and certificate requests. The OrganizationalUnit field of pkix.Name is a slice of strings, and the order in which you provide the organizational units (OU) will determine the order in the generated CSR.

Here’s how you can modify your code to have organizational units separated by commas:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "fmt"
    "os"
    "strings"
)

func main() {
    privKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrTemplate := x509.CertificateRequest{
        Subject: pkix.Name{
            CommonName:         "example.com",
            Organization:       []string{"Example Org"},
            OrganizationalUnit: []string{"OU1", "OU2"},
        },
        EmailAddresses: []string{"test@example.com"},
    }

    // Modify the OrganizationalUnit field to join units with commas
    csrTemplate.Subject.OrganizationalUnit = []string{strings.Join(csrTemplate.Subject.OrganizationalUnit, ", ")}

    csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, privKey)
    if err != nil {
        fmt.Println(err)
        os.Exit(1)
    }

    csrPem := pem.EncodeToMemory(&pem.Block{
        Type:  "CERTIFICATE REQUEST",
        Bytes: csrBytes,
    })

    fmt.Println(string(csrPem))
}

In this modification, I use strings.Join to concatenate the organizational units with commas before assigning it back to the OrganizationalUnit field of the pkix.Name struct. This should generate the CSR with organizational units separated by commas.

2023-12-20
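
An added example (not part of the original answer, and not code from the Go project): in the DER encoding, "OU = OU1 + OU = OU2" is one RDN holding two attributes, while "OU = OU1, OU = OU2" is two RDNs, so this sketch re-encodes the pkix.Name with one attribute per RDN and passes it to x509.CreateCertificateRequest through RawSubject. The helper names splitRDNs, buildCSR and subjectRDNs and the throwaway RSA key are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// splitRDNs DER-encodes name with each attribute in its own RDN (no "+" groups).
func splitRDNs(name pkix.Name) ([]byte, error) {
	var seq pkix.RDNSequence
	for _, set := range name.ToRDNSequence() {
		for _, atv := range set {
			seq = append(seq, pkix.RelativeDistinguishedNameSET{atv})
		}
	}
	return asn1.Marshal(seq)
}

// buildCSR signs a CSR; split=true overrides Subject with the RawSubject encoding.
func buildCSR(org string, ous []string, cn string, split bool) ([]byte, error) {
	tmpl := x509.CertificateRequest{Subject: pkix.Name{
		Organization: []string{org}, OrganizationalUnit: ous, CommonName: cn}}
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key (assumption)
	if err == nil && split {
		tmpl.RawSubject, err = splitRDNs(tmpl.Subject)
	}
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
}

// subjectRDNs parses a DER CSR and returns its subject exactly as encoded.
func subjectRDNs(der []byte) (seq pkix.RDNSequence, err error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	_, err = asn1.Unmarshal(csr.RawSubject, &seq)
	return seq, err
}

func main() {
	der, _ := buildCSR("Example Org", []string{"OU1", "OU2"}, "example.com", true)
	fmt.Println(subjectRDNs(der)) // RDNs are printed most-specific first
}
```

With split=false the parsed subject has three RDNs and the OU RDN holds both values; with split=true it has four RDNs of one attribute each.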