ListenAndServeTLS and concatenated certificates (public + CA) - issue with private key

Greetings to all,

To begin with, I would like to apologize, since this might not really be a direct Go-related question, but I would guess some might have experience with my issue.

I would like to use SSL for my web project; I have a certificate for the foo.bar domain (SSL is installed via CPanel, issued by Comodo). I have the private key, the public key and the CA. Now, as I understood from the documentation, I should concatenate the public key and the CA; otherwise, as it currently is, for every request I get an “http: TLS handshake error from a.b.c.d:x: remote error: tls: unknown certificate authority” error.

My TLSConf looks like this:

cfg := &tls.Config{
	MinVersion:               tls.VersionTLS12,
	CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
	PreferServerCipherSuites: true, // ignored since Go 1.17; the server always picks the suite
	CipherSuites: []uint16{ // all of these require an RSA certificate key
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	},
	// ServerName is only used on the client side (for SNI and hostname checks);
	// a server ignores it and presents whatever certificate was loaded from certFile/keyFile.
	ServerName: "foo.bar",
}

However, when I either manually concatenate those certificates or use the “bundled” one provided by my CA, I get “tls: private key does not match public key”.

So, basically, having the private key, the public certificate and the CA certificate, what would be the proper way to obtain a “new”(?) key for the bundled/concatenated certificate? Or am I doing something completely wrong to begin with?

Thanks in advance for any assistance or hints,

Bruno

Edit: so apparently, this is the solution (at least in my case). I originally got two files that came with my certificate, one being the “bundle” and the other the certificate itself. My misunderstanding was that the “bundle” already contained my foo.bar certificate itself. The fact is, however, that the foo.bar certificate has to be added as the “end-entity” to the aforementioned bundle. That way, my private key works as expected, as does the Go SSL server support!

Hope this will help someone else!

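The chain-order rule the edit above arrives at, shown as an added Go example that is not part of the original post. It generates a throwaway root, intermediate and foo.bar end-entity certificate in memory (the CA names and the foo.bar host name are made up; nothing here is a real Comodo certificate), then loads the four ways the CA's files could be combined with tls.X509KeyPair, which is what ListenAndServeTLS calls on its certFile and keyFile, and finally verifies each loaded chain the way a client trusting only the root would. The leaf alone loads but fails client verification with the “unknown authority” error from the question; any file that starts with the intermediate fails with “private key does not match public key”, because X509KeyPair compares the key against the first certificate in the file; the end-entity certificate followed by the bundle passes both checks.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pkiFixture stands in for the files a commercial CA hands out. It is generated in memory
// for this example; the names are made up and none of it is a real Comodo certificate.
type pkiFixture struct {
	LeafPEM   []byte         // end-entity certificate for the assumed host name foo.bar
	BundlePEM []byte         // the "bundle" file: intermediate CA followed by root CA
	KeyPEM    []byte         // private key that belongs to LeafPEM and to nothing else
	Roots     *x509.CertPool // what a connecting client trusts: only the root
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // fixture construction only fails on broken crypto/rand
	}
	return v
}
func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// issue signs tmpl with the parent's key and returns the parsed certificate and its PEM.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, []byte) {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der)), pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// newFixture builds root -> intermediate -> foo.bar, each tier with its own P-256 key.
func newFixture() *pkiFixture {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	rootKey, interKey, leafKey := newKey(), newKey(), newKey()
	tmpl := func(serial int64, cn string) *x509.Certificate { // CA template; the leaf adjusts it
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
			IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		}
	}
	rootTmpl := tmpl(1, "Example Root CA")
	root, rootPEM := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	inter, interPEM := issue(tmpl(2, "Example Intermediate CA"), root, &interKey.PublicKey, rootKey)
	leafTmpl := tmpl(3, "foo.bar") // end-entity: not a CA, a TLS server certificate for foo.bar
	leafTmpl.IsCA, leafTmpl.KeyUsage = false, x509.KeyUsageDigitalSignature
	leafTmpl.ExtKeyUsage, leafTmpl.DNSNames = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, []string{"foo.bar"}
	_, leafPEM := issue(leafTmpl, inter, &leafKey.PublicKey, interKey)
	keyDER := must(x509.MarshalPKCS8PrivateKey(leafKey))
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return &pkiFixture{LeafPEM: leafPEM, BundlePEM: concat(interPEM, rootPEM), Roots: roots,
		KeyPEM: pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})}
}

// loadAndVerify does what ListenAndServeTLS does with certFile/keyFile (tls.X509KeyPair, which
// requires the FIRST certificate in the file to match the key), then checks the loaded chain the
// way a client would: Certificate[0] is the leaf, the rest are intermediates, only roots are trusted.
func loadAndVerify(chainPEM, keyPEM []byte, host string, roots *x509.CertPool) error {
	cert, err := tls.X509KeyPair(chainPEM, keyPEM)
	if err != nil {
		return fmt.Errorf("server load: %w", err)
	}
	leaf := must(x509.ParseCertificate(cert.Certificate[0]))
	inters := x509.NewCertPool()
	for _, der := range cert.Certificate[1:] {
		inters.AddCert(must(x509.ParseCertificate(der)))
	}
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters}); err != nil {
		return fmt.Errorf("client verify: %w", err)
	}
	return nil
}

// tryChains runs the four ways the certificate file could be assembled from the CA's files.
func tryChains(f *pkiFixture) map[string]error {
	cases := map[string][]byte{
		"leaf only":        f.LeafPEM,                      // the question's starting point
		"bundle only":      f.BundlePEM,                    // the CA's bundled file alone
		"bundle then leaf": concat(f.BundlePEM, f.LeafPEM), // concatenated in the wrong order
		"leaf then bundle": concat(f.LeafPEM, f.BundlePEM), // end-entity first: the fix
	}
	out := make(map[string]error, len(cases))
	for name, chain := range cases {
		out[name] = loadAndVerify(chain, f.KeyPEM, "foo.bar", f.Roots)
	}
	return out
}

func main() {
	for name, err := range tryChains(newFixture()) {
		fmt.Printf("%-17s -> %v\n", name, err)
	}
}
```

Running it prints one line per case; only “leaf then bundle” reports a nil error. Including the root in the served file, as CA bundles often do, is harmless but unnecessary: clients already hold the root and only need the leaf plus the intermediate(s) to build the chain.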