[SOLVED] How to load certificate from file?

Hello good day,

I just want to ask help how I can load certificate from file. It is a single certificate authority file. I already tried googling it but i cant find any samples.


Does tls.LoadX509KeyPair do what you need?

If not, please describe your use case and certificate types. Code (even if it doesn’t work) helps.

I think not, because I am trying a load crt file.

I tried this approach

var f = "f:/GIAG3.crt"
	r, _ := ioutil.ReadFile(f)
	block, _ := pem.Decode(r)

	cert, err := x509.ParseCertificate(block.Bytes)

I dont know if that is right, and tried to get the private key of the CA to use for signing x509.CreateCertificateRequest but I don’t know how.

Were there any errors?

I notice you ignored the errors returned by ioutil.ReadFile and pem.Decode. There is also no error handling for the one returned by x509.ParseCertificate.

That approach looks like it could be right.

actually there is no errors

I just ignore it, because i am just doing for testing.

Also I can parse the certificate successfully, but it seems I cant get the private key of it.
I tried using x509.ParsePKCS1PrivateKey and passing the block.Bytes it will just return an empty array.

btw the GIAG3.crt is downloaded from google pki

I just ignore it, because i am just doing for testing.

You don’t know there were no errors because you ignored them. I don’t know there were no errors because you ignored them. Anyone trying to help you has to assume there are errors unless we are shown otherwise because returned errors frequently tell what is going wrong. Showing that errors were checked and that none were encountered tells me what is working, and therefore not the cause of your problem. If you don’t want to think about error handling while you are trying something out, use this method: https://pocketgophers.com/error-checking-while-prototyping/.


GIAG3.crt from https://pki.goog is one of Google’s subordinate CA certificates. It does not include a private key because you (or anyone else) would be able to sign another certificate with it.

1 Like

Sorry about that, but my code here have the error checking, I just exclude it on the post, to make it small, but also valid.

We can’t see anything about the code (or setup) you have other than what you tell us. Assuming you did everything correctly would also mean you would not have a question.

Assuming you have your certificate file in a string, from the -----BEGIN CERTIFICATE----- line to the -----END CERTIFICATE----- line inclusive, the following code works using crypto/rsa and crypto/x509.

// pemToRSA turns a PEM-encoded RSA public key into an rsa.PublicKey value.
// Intended for use on startup, so panics if any part of the decoding fails.
func pemToRSA(pemtxt string) *rsa.PublicKey {
  var pubkey *rsa.PublicKey
  block, _ := pem.Decode([]byte(pemtxt))
  cert, err := x509.ParseCertificate(block.Bytes)
  if err != nil {
  pubkey = cert.PublicKey.(*rsa.PublicKey)
  return pubkey

Implementing gentler error handling is left to the reader.

thanks @mathew

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.