Golang crypto/x509.Certificate.CreateCRL() function example

package crypto/x509

CreateCRL returns a DER encoded CRL, signed by this Certificate, that contains the given list of revoked certificates.

The only supported key type is RSA (*rsa.PrivateKey).

Golang crypto/x509.Certificate.CreateCRL() function usage example

  block, _ := pem.Decode([]byte(pemPrivateKey))
  priv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
  block, _ = pem.Decode([]byte(pemCertificate))
  cert, _ := x509.ParseCertificate(block.Bytes)

  now := time.Unix(1000, 0)
  expiry := time.Unix(10000, 0)

  revokedCerts := []pkix.RevokedCertificate{
 {
 SerialNumber: big.NewInt(1),
 RevocationTime: now,
 },
 {
 SerialNumber: big.NewInt(42),
 RevocationTime: now,
 },
 }

 crlBytes, err := cert.CreateCRL(rand.Reader, priv, revokedCerts, now, expiry)

 if err != nil {
 fmt.Println(err)
 os.Exit(1)
 }

Reference :

http://golang.org/pkg/crypto/x509/#Certificate.CreateCRL

https://www.socketloop.com/references/golang-crypto-x509-parsedercrl-function-example

  See also : Golang crypto/x509.ParseDERCRL function example

Advertisement