codefx

Reputation: 10512

How to tell whether two certificate pairs are issued by different CAs in Golang?

I have a Golang HTTP server which uses a self-signed TLS certificate. I have one such pair of certificate and key. Now, say I have a similar certificate and key pair. I would like to detect whether these two pairs were issued by two different CAs. I don't have access to the CA certificates in this case. I can assume that the chain length = 1.

I tried to check the Certificate.Issuer structure. But I see no difference there. How can I do this?

Thanks.

Upvotes: 0

Views: 188

Answers (1)

Peter

Reputation: 31720

The SubjectKeyId fields will be different for two distinct certificates.

This field is a hash of the public key:

"The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits)."

https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.2

For certificates that are not self-signed one would follow the AuthorityKeyId fields all the way to the root certificate(s) and then check the certificate chains for common members, again using the subject keys.

Upvotes: 1
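The check described in the answer above, as an added example that is not part of the original answer: it covers the question's chain-length-1 case, confirms each certificate is self-signed, and recomputes the key identifier from the public key so it does not depend on the SubjectKeyId extension being present. The names `sameSigner` and `newSelfSigned` are hypothetical, and the sample certificates are constructed from fixed, non-secret seeds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// sameSigner compares SHA-1 of each subjectPublicKey BIT STRING (RFC 3280 key identifier).
func sameSigner(a, b *x509.Certificate) (bool, error) {
	var ids [2][sha1.Size]byte
	for i, c := range []*x509.Certificate{a, b} {
		var spki struct{ Alg pkix.AlgorithmIdentifier; Key asn1.BitString }
		// Self-signed: the certificate's own key verifies it, so issuer key = subject key.
		if err := c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature); err != nil {
			return false, fmt.Errorf("not self-signed, follow AuthorityKeyId instead: %w", err)
		}
		if _, err := asn1.Unmarshal(c.RawSubjectPublicKeyInfo, &spki); err != nil {
			return false, err
		}
		ids[i] = sha1.Sum(spki.Key.Bytes)
	}
	return ids[0] == ids[1], nil
}

// newSelfSigned builds a constructed sample certificate from a fixed, non-secret seed.
func newSelfSigned(seed byte) (*x509.Certificate, error) {
	s := [ed25519.SeedSize]byte{seed}
	priv := ed25519.NewKeyFromSeed(s[:])
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	a, _ := newSelfSigned(1)
	b, _ := newSelfSigned(2)
	fmt.Println(sameSigner(a, b)) // false <nil>
}
```

Both sample certificates carry the same Issuer name, which is why comparing `Certificate.Issuer` shows no difference while the key comparison does.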
