Intermediate certificate doesn't match private key with Go

Question

I am trying to build a Go (golang) program that will run https application.

I am really having trouble with SSL intermediate certificate and don't know where the problem, is it from my certificate or from Go language application.

So, I have from my SSL CA providers two certificate files : the server certificate, and intermediate certificate.

So, I am trying to load these certificates from my go code like this:

tlsConfig := &tls.Config{}
tlsConfig.Certificates = make([]tls.Certificate, 2)
var err error
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(serverCertificate, privateKey)
if err != nil {
    log.Fatal(err)
}
tlsConfig.Certificates[1], err = tls.LoadX509KeyPair(intermeddiateCertificate, privateKey)
if err != nil {
    log.Fatal(err)
}
tlsConfig.BuildNameToCertificate()

server := &http.Server{
    ReadTimeout:    10 * time.Second,
    WriteTimeout:   10 * time.Second,
    MaxHeaderBytes: 1 << 20,
    TLSConfig:      tlsConfig,
    Addr:           ":443,
}

   app.RunServer(server)

the code fails on the second load of certificate on this line

tls.LoadX509KeyPair(intermeddiateCertificate, privateKey)

The error is the certificate doesn't match the private key.

Does the intermediate certificate should match the private key in SSL/TLS world?

or it doesn't have to. And in case doesn't have to, then how to load the certificate without a private key?

should I return back to my CA and tell them how come the intermediate certifcate doesn't match the private key?

Answer 1

You don't have a key for the intermediate certificate, only for the server certificate. Note that I don't know much about Go, but according to Golang SSL TCP socket certificate configuration you simply include the intermediate certificate into the same PEM file as the server certificate.