{"id":44772,"date":"2023-04-24T05:49:58","date_gmt":"2023-07-04T09:12:31","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/"},"modified":"2024-04-30T01:01:57","modified_gmt":"2024-04-29T17:01:57","slug":"44772-2","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/","title":{"rendered":""},"content":{"rendered":"<h1>1. \u3053\u306e\u8a18\u4e8b\u306e\u5bfe\u8c61\u306e\u4eba<\/h1>\n<ul class=\"post-ul\">Golang \u3067\u3001\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u3092\u4f5c\u308a\u305f\u3044\u4eba<\/ul>\n<h1>2. \u6982\u8981<\/h1>\n<p>\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001<br \/>\n1. Go \u3067\u79d8\u5bc6\u9375\u3068\u8a3c\u660e\u66f8\u3092\u751f\u6210<br \/>\n2. Go \u3067\u5931\u52b9\u3055\u305b\u308b\u8a3c\u660e\u66f8\u306e\u30ea\u30b9\u30c8\u3092\u751f\u6210<br \/>\n3. Go \u3067 Issuing Distribution Point \u306eExtension\u3092\u4f5c\u6210<br \/>\n4. Go \u3067\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u3092\u4f5c\u6210<br \/>\n5. OpenSSL \u3067\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u306e\u4e2d\u8eab\u3092\u78ba\u8a8d<br \/>\n\u3057\u307e\u3059\u3002<\/p>\n<h1>3. 
Golang \u3067\u81ea\u5df1\u7f72\u540d CA \u8a3c\u660e\u66f8\u3068\u79d8\u5bc6\u9375\u3092\u4f5c\u6210<\/h1>\n<p>\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u767a\u884c\u3059\u308b\u81ea\u5df1\u7f72\u540d CA \u306e\u300c\u8a3c\u660e\u66f8\u300d\u3068\u300c\u79d8\u5bc6\u9375\u300d\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br \/>\n\u8a73\u7d30\u306a\u8aac\u660e\u306f\u3001Golang\u3067PKI\u5165\u9580 &#8211; 2 \u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<br \/>\n\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u4f5c\u6210\u6642\u306b\u5f15\u6570\u3067\u5fc5\u8981\u306b\u306a\u308b\u306e\u3067\u3001\u79d8\u5bc6\u9375\u306fDER\u5f62\u5f0f\u306b\u3057\u3066\u304a\u304d\u307e\u3059\u3002(\u30b3\u30fc\u30c9\u4e0a\u306f\u3001\u4f5c\u6210\u3057\u305f CA \u8a3c\u660e\u66f8\u3092 x509.ParseCertificate \u3067\u30d1\u30fc\u30b9\u3057\u305f\u7d50\u679c\u3092\u3001\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u4f5c\u6210\u6642\u306e\u5f15\u6570\u3068\u3057\u3066\u6e21\u3057\u3066\u3044\u307e\u3059\u3002)<\/p>\n<pre class=\"post-pre\"><code>\r\n    <span class=\"c\">\/\/PrivateKey of Self Sign CA Certificate<\/span>\r\n    <span class=\"n\">privateCaKey<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">rsa<\/span><span class=\"o\">.<\/span><span class=\"n\">GenerateKey<\/span><span class=\"p\">(<\/span><span class=\"n\">rand<\/span><span class=\"o\">.<\/span><span class=\"n\">Reader<\/span><span class=\"p\">,<\/span> <span class=\"m\">2048<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"n\">publicCaKey<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">privateCaKey<\/span><span class=\"o\">.<\/span><span class=\"n\">Public<\/span><span class=\"p\">()<\/span>\r\n\r\n    <span class=\"c\">\/\/[RFC5280]<\/span>\r\n    <span class=\"n\">subjectCa<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">Name<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">CommonName<\/span><span class=\"o\">:<\/span>         <span class=\"s\">\"ca01\"<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">OrganizationalUnit<\/span><span class=\"o\">:<\/span> <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span 
class=\"p\">{<\/span><span class=\"s\">\"Example Org Unit\"<\/span><span class=\"p\">},<\/span>\r\n        <span class=\"n\">Organization<\/span><span class=\"o\">:<\/span>       <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"Example Org\"<\/span><span class=\"p\">},<\/span>\r\n        <span class=\"n\">Country<\/span><span class=\"o\">:<\/span>            <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"JP\"<\/span><span class=\"p\">},<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">caTpl<\/span> <span class=\"o\">:=<\/span> <span class=\"o\">&amp;<\/span><span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">Certificate<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">SerialNumber<\/span><span class=\"o\">:<\/span>          <span class=\"n\">big<\/span><span class=\"o\">.<\/span><span class=\"n\">NewInt<\/span><span class=\"p\">(<\/span><span class=\"m\">1<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">Subject<\/span><span class=\"o\">:<\/span>               <span class=\"n\">subjectCa<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">NotAfter<\/span><span class=\"o\">:<\/span>              <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Date<\/span><span class=\"p\">(<\/span><span class=\"m\">2022<\/span><span class=\"p\">,<\/span> <span class=\"m\">1<\/span><span class=\"p\">,<\/span> <span class=\"m\">1<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">UTC<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">NotBefore<\/span><span 
class=\"o\">:<\/span>             <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Date<\/span><span class=\"p\">(<\/span><span class=\"m\">2019<\/span><span class=\"p\">,<\/span> <span class=\"m\">1<\/span><span class=\"p\">,<\/span> <span class=\"m\">1<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"m\">0<\/span><span class=\"p\">,<\/span> <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">UTC<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">IsCA<\/span><span class=\"o\">:<\/span>                  <span class=\"no\">true<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">KeyUsage<\/span><span class=\"o\">:<\/span>              <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageDigitalSignature<\/span> <span class=\"o\">|<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageCertSign<\/span> <span class=\"o\">|<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageCRLSign<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">BasicConstraintsValid<\/span><span class=\"o\">:<\/span> <span class=\"no\">true<\/span><span class=\"p\">,<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"c\">\/\/Self Sign CA Certificate<\/span>\r\n    <span class=\"n\">caCertificate<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">CreateCertificate<\/span><span class=\"p\">(<\/span><span class=\"n\">rand<\/span><span class=\"o\">.<\/span><span class=\"n\">Reader<\/span><span class=\"p\">,<\/span> <span class=\"n\">caTpl<\/span><span class=\"p\">,<\/span> <span class=\"n\">caTpl<\/span><span 
class=\"p\">,<\/span> <span class=\"n\">publicCaKey<\/span><span class=\"p\">,<\/span> <span class=\"n\">privateCaKey<\/span><span class=\"p\">)<\/span>\r\n\r\n\r\n    <span class=\"c\">\/\/Convert to ASN.1 DER encoded form<\/span>\r\n    <span class=\"n\">derCaCert<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">=<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">ParseCertificate<\/span><span class=\"p\">(<\/span><span class=\"n\">caCertificate<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"k\">if<\/span> <span class=\"n\">err<\/span> <span class=\"o\">!=<\/span> <span class=\"no\">nil<\/span> <span class=\"p\">{<\/span>\r\n        <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">Fatalf<\/span><span class=\"p\">(<\/span><span class=\"s\">\"ERROR:%v<\/span><span class=\"se\">\\n<\/span><span class=\"s\">\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n<\/code><\/pre>\n<h1>4. 
Golang \u3067\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u4f5c\u6210<\/h1>\n<h2>\u5931\u52b9\u3055\u305b\u308b\u8a3c\u660e\u66f8\u306e\u30ea\u30b9\u30c8\u3092\u4f5c\u6210<\/h2>\n<pre class=\"post-pre\"><code>    <span class=\"k\">var<\/span> <span class=\"n\">rcs<\/span> <span class=\"p\">[]<\/span><span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">RevokedCertificate<\/span>\r\n    <span class=\"n\">rc<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">RevokedCertificate<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">SerialNumber<\/span><span class=\"o\">:<\/span>   <span class=\"n\">big<\/span><span class=\"o\">.<\/span><span class=\"n\">NewInt<\/span><span class=\"p\">(<\/span><span class=\"m\">100<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">RevocationTime<\/span><span class=\"o\">:<\/span> <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Now<\/span><span class=\"p\">(),<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">rcs<\/span> <span class=\"o\">=<\/span> <span class=\"nb\">append<\/span><span class=\"p\">(<\/span><span class=\"n\">rcs<\/span><span class=\"p\">,<\/span> <span class=\"n\">rc<\/span><span class=\"p\">)<\/span>\r\n\r\n    <span class=\"n\">rc<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">RevokedCertificate<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">SerialNumber<\/span><span class=\"o\">:<\/span>   <span class=\"n\">big<\/span><span class=\"o\">.<\/span><span class=\"n\">NewInt<\/span><span class=\"p\">(<\/span><span class=\"m\">108<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">RevocationTime<\/span><span class=\"o\">:<\/span> <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Now<\/span><span class=\"p\">(),<\/span>\r\n    <span 
class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">rcs<\/span> <span class=\"o\">=<\/span> <span class=\"nb\">append<\/span><span class=\"p\">(<\/span><span class=\"n\">rcs<\/span><span class=\"p\">,<\/span> <span class=\"n\">rc<\/span><span class=\"p\">)<\/span>\r\n<\/code><\/pre>\n<p>\u3053\u3053\u3067\u306f\u3001\u30b7\u30ea\u30a2\u30eb\u304c100\u3068108\u306e\u8a3c\u660e\u66f8\u3092\u5931\u52b9\u3055\u305b\u307e\u3059\u3002<\/p>\n<h2>\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u306e crlExtensions \u306b Issuing Distribution Point \u3092\u8ffd\u52a0<\/h2>\n<p>Go \u3067\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u4f5c\u6210\u3059\u308b\u3068\u304d\u306b\u5229\u7528\u3059\u308b x509.RevocationList \u306b\u306f\u3001\u76f4\u63a5 Issuing Distribution Point \u3092\u8ffd\u52a0\u3059\u308bField\u306f\u3042\u308a\u307e\u305b\u3093\u3002<br \/>\n\u5225\u9014 Issuing Distribution Point \u7528\u306e\u69cb\u9020\u4f53\u3092\u4f5c\u6210\u3057\u3066\u3001Extension\u306b\u8ffd\u52a0\u3057\u3066\u3084\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\nRFC5280 \u3067\u306f\u3001Issuing Distribution Point\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"post-pre\"><code>   id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }\r\n\r\n   IssuingDistributionPoint ::= SEQUENCE {\r\n        distributionPoint          [0] DistributionPointName OPTIONAL,\r\n        onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,\r\n        onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,\r\n        onlySomeReasons            [3] ReasonFlags OPTIONAL,\r\n        indirectCRL                [4] BOOLEAN DEFAULT FALSE,\r\n        onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }\r\n\r\n   DistributionPointName ::= CHOICE {\r\n        fullName                [0]     GeneralNames,\r\n        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }\r\n\r\n   GeneralNames ::= SEQUENCE SIZE 
(1..MAX) OF GeneralName\r\n\r\n   GeneralName ::= CHOICE {\r\n        otherName                       [0]     OtherName,\r\n        rfc822Name                      [1]     IA5String,\r\n        dNSName                         [2]     IA5String,\r\n        x400Address                     [3]     ORAddress,\r\n        directoryName                   [4]     Name,\r\n        ediPartyName                    [5]     EDIPartyName,\r\n        uniformResourceIdentifier       [6]     IA5String,\r\n        iPAddress                       [7]     OCTET STRING,\r\n        registeredID                    [8]     OBJECT IDENTIFIER }\r\n<\/code><\/pre>\n<p>\u4e0a\u8a18\u306b\u5f93\u3044\u3001issuingDistributionPoint \u3068 distributionPointName \u3092 \u4ee5\u4e0b\u306e Go \u306e\u69cb\u9020\u4f53\u3068\u3057\u3066\u5b9a\u7fa9\u3057\u307e\u3057\u305f\u3002<\/p>\n<pre class=\"post-pre\"><code><span class=\"c\">\/\/ RFC5280, 5.2.5<\/span>\r\n<span class=\"k\">type<\/span> <span class=\"n\">issuingDistributionPoint<\/span> <span class=\"k\">struct<\/span> <span class=\"p\">{<\/span>\r\n    <span class=\"n\">DistributionPoint<\/span>          <span class=\"n\">distributionPointName<\/span> <span class=\"s\">`asn1:\"optional,tag:0\"`<\/span>\r\n    <span class=\"n\">OnlyContainsUserCerts<\/span>      <span class=\"kt\">bool<\/span>                  <span class=\"s\">`asn1:\"optional,tag:1\"`<\/span>\r\n    <span class=\"n\">OnlyContainsCACerts<\/span>        <span class=\"kt\">bool<\/span>                  <span class=\"s\">`asn1:\"optional,tag:2\"`<\/span>\r\n    <span class=\"n\">OnlySomeReasons<\/span>            <span class=\"n\">asn1<\/span><span class=\"o\">.<\/span><span class=\"n\">BitString<\/span>        <span class=\"s\">`asn1:\"optional,tag:3\"`<\/span>\r\n    <span class=\"n\">IndirectCRL<\/span>                <span class=\"kt\">bool<\/span>                  <span class=\"s\">`asn1:\"optional,tag:4\"`<\/span>\r\n    <span class=\"n\">OnlyContainsAttributeCerts<\/span> 
<span class=\"kt\">bool<\/span>                  <span class=\"s\">`asn1:\"optional,tag:5\"`<\/span>\r\n<span class=\"p\">}<\/span>\r\n\r\n<span class=\"k\">type<\/span> <span class=\"n\">distributionPointName<\/span> <span class=\"k\">struct<\/span> <span class=\"p\">{<\/span>\r\n    <span class=\"n\">FullName<\/span>     <span class=\"p\">[]<\/span><span class=\"n\">asn1<\/span><span class=\"o\">.<\/span><span class=\"n\">RawValue<\/span>  <span class=\"s\">`asn1:\"optional,tag:0\"`<\/span>\r\n    <span class=\"n\">RelativeName<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">RDNSequence<\/span> <span class=\"s\">`asn1:\"optional,tag:1\"`<\/span>\r\n<span class=\"p\">}<\/span>\r\n<\/code><\/pre>\n<p>distributionPointName \u306e FullName \u30d5\u30a3\u30fc\u30eb\u30c9\u306e\u578b\u306f GeneralNames \u3067\u3059\u3002<br \/>\nGeneralName \u306e uniformResourceIdentifier \u3067\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u306e\u53d6\u5f97\u5148\u3092\u6307\u5b9a\u3057\u305f\u3044\u306e\u3067\u3001<br \/>\nasn1.RawValue \u578b\u3067\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<br \/>\nClass: 2 (Context-specific\u3001asn1.RawValue \u306e\u5b9a\u7fa9\u306b\u3088\u308b)<br \/>\nTag: 6 (GeneralName \u306e6\u756a\u76ee\u3064\u307e\u308a uniformResourceIdentifier)<br \/>\nBytes: []byte(&quot;http:\/\/www.example.com\/example.crl&quot;)<br \/>\nuniformResourceIdentifier \u306e\u30a8\u30f3\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u306f IA5String \u3067\u3059\u3002\u305f\u3060\u3001crl \u3078\u306e URI \u3067\u4f7f\u308f\u308c\u3066\u3044\u308b\u7bc4\u56f2\u306e\u6587\u5b57\u5217\u306f IA5String \u3068 UTF-8 \u3067\u540c\u3058byte\u306b\u306a\u308b\u306e\u3067\u76f4\u63a5 byte \u914d\u5217\u3068\u3057\u3066\u6e21\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"n\">dp<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">distributionPointName<\/span><span class=\"p\">{<\/span>\r\n        
<span class=\"n\">FullName<\/span><span class=\"o\">:<\/span> <span class=\"p\">[]<\/span><span class=\"n\">asn1<\/span><span class=\"o\">.<\/span><span class=\"n\">RawValue<\/span><span class=\"p\">{<\/span>\r\n            <span class=\"p\">{<\/span><span class=\"n\">Tag<\/span><span class=\"o\">:<\/span> <span class=\"m\">6<\/span><span class=\"p\">,<\/span> <span class=\"n\">Class<\/span><span class=\"o\">:<\/span> <span class=\"m\">2<\/span><span class=\"p\">,<\/span> <span class=\"n\">Bytes<\/span><span class=\"o\">:<\/span> <span class=\"p\">[]<\/span><span class=\"kt\">byte<\/span><span class=\"p\">(<\/span><span class=\"s\">\"http:\/\/www.example.com\/example.crl\"<\/span><span class=\"p\">)},<\/span>\r\n        <span class=\"p\">},<\/span>\r\n    <span class=\"p\">}<\/span>\r\n<\/code><\/pre>\n<p>Extension \u306b\u4f5c\u6210\u3057\u305f IssuingDistributionPoint \u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"post-pre\"><code>\r\n<span class=\"k\">var<\/span> <span class=\"n\">oidExtensionIssuingDistributionPoint<\/span> <span class=\"o\">=<\/span> <span class=\"p\">[]<\/span><span class=\"kt\">int<\/span><span class=\"p\">{<\/span><span class=\"m\">2<\/span><span class=\"p\">,<\/span> <span class=\"m\">5<\/span><span class=\"p\">,<\/span> <span class=\"m\">29<\/span><span class=\"p\">,<\/span> <span class=\"m\">28<\/span><span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">idp<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">issuingDistributionPoint<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">DistributionPoint<\/span><span class=\"o\">:<\/span> <span class=\"n\">dp<\/span><span class=\"p\">,<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">v<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">asn1<\/span><span class=\"o\">.<\/span><span class=\"n\">Marshal<\/span><span class=\"p\">(<\/span><span class=\"n\">idp<\/span><span 
class=\"p\">)<\/span>\r\n\r\n    <span class=\"n\">cdpExt<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">Extension<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">Id<\/span><span class=\"o\">:<\/span>       <span class=\"n\">oidExtensionIssuingDistributionPoint<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">Critical<\/span><span class=\"o\">:<\/span> <span class=\"no\">true<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">Value<\/span><span class=\"o\">:<\/span>    <span class=\"n\">v<\/span><span class=\"p\">,<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n<\/code><\/pre>\n<h2>x509.RevocationList \u69cb\u9020\u4f53\u306e\u8a2d\u5b9a<\/h2>\n<p>x509.RevocationList \u69cb\u9020\u4f53\u306b\u8a2d\u5b9a\u3057\u305f\u3044\u5024\u3092\u5165\u308c\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"n\">crlTpl<\/span> <span class=\"o\">:=<\/span> <span class=\"o\">&amp;<\/span><span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">RevocationList<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">SignatureAlgorithm<\/span><span class=\"o\">:<\/span>  <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">SHA256WithRSA<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">RevokedCertificates<\/span><span class=\"o\">:<\/span> <span class=\"n\">rcs<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">Number<\/span><span class=\"o\">:<\/span>              <span class=\"n\">big<\/span><span class=\"o\">.<\/span><span class=\"n\">NewInt<\/span><span class=\"p\">(<\/span><span class=\"m\">2<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">ThisUpdate<\/span><span class=\"o\">:<\/span>          <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Now<\/span><span class=\"p\">(),<\/span>\r\n        <span 
class=\"n\">NextUpdate<\/span><span class=\"o\">:<\/span>          <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Now<\/span><span class=\"p\">()<\/span><span class=\"o\">.<\/span><span class=\"n\">Add<\/span><span class=\"p\">(<\/span><span class=\"m\">24<\/span> <span class=\"o\">*<\/span> <span class=\"n\">time<\/span><span class=\"o\">.<\/span><span class=\"n\">Hour<\/span><span class=\"p\">),<\/span>\r\n        <span class=\"n\">ExtraExtensions<\/span><span class=\"o\">:<\/span>     <span class=\"p\">[]<\/span><span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">Extension<\/span><span class=\"p\">{<\/span><span class=\"n\">cdpExt<\/span><span class=\"p\">},<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n<\/code><\/pre>\n<h2>\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u4f5c\u6210<\/h2>\n<p>\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u767a\u884c\u3057\u307e\u3059<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"k\">var<\/span> <span class=\"n\">derCrl<\/span> <span class=\"p\">[]<\/span><span class=\"kt\">byte<\/span>\r\n    <span class=\"n\">derCrl<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">=<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">CreateRevocationList<\/span><span class=\"p\">(<\/span><span class=\"n\">rand<\/span><span class=\"o\">.<\/span><span class=\"n\">Reader<\/span><span class=\"p\">,<\/span> <span class=\"n\">crlTpl<\/span><span class=\"p\">,<\/span> <span class=\"n\">derCaCert<\/span><span class=\"p\">,<\/span> <span class=\"n\">privateCaKey<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"k\">if<\/span> <span class=\"n\">err<\/span> <span class=\"o\">!=<\/span> <span class=\"no\">nil<\/span> <span class=\"p\">{<\/span>\r\n        <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">Fatalf<\/span><span class=\"p\">(<\/span><span class=\"s\">\"ERROR:%v<\/span><span 
class=\"se\">\\n<\/span><span class=\"s\">\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">f<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">=<\/span> <span class=\"n\">os<\/span><span class=\"o\">.<\/span><span class=\"n\">Create<\/span><span class=\"p\">(<\/span><span class=\"s\">\"ca01.crl\"<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"k\">if<\/span> <span class=\"n\">err<\/span> <span class=\"o\">!=<\/span> <span class=\"no\">nil<\/span> <span class=\"p\">{<\/span>\r\n        <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">Fatalf<\/span><span class=\"p\">(<\/span><span class=\"s\">\"ERROR:%v<\/span><span class=\"se\">\\n<\/span><span class=\"s\">\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"p\">}<\/span>\r\n\r\n    <span class=\"n\">err<\/span> <span class=\"o\">=<\/span> <span class=\"n\">pem<\/span><span class=\"o\">.<\/span><span class=\"n\">Encode<\/span><span class=\"p\">(<\/span><span class=\"n\">f<\/span><span class=\"p\">,<\/span> <span class=\"o\">&amp;<\/span><span class=\"n\">pem<\/span><span class=\"o\">.<\/span><span class=\"n\">Block<\/span><span class=\"p\">{<\/span><span class=\"n\">Type<\/span><span class=\"o\">:<\/span> <span class=\"s\">\"X509 CRL\"<\/span><span class=\"p\">,<\/span> <span class=\"n\">Bytes<\/span><span class=\"o\">:<\/span> <span class=\"n\">derCrl<\/span><span class=\"p\">})<\/span>\r\n    <span class=\"k\">if<\/span> <span class=\"n\">err<\/span> <span class=\"o\">!=<\/span> <span class=\"no\">nil<\/span> <span class=\"p\">{<\/span>\r\n        <span class=\"n\">log<\/span><span class=\"o\">.<\/span><span class=\"n\">Fatalf<\/span><span class=\"p\">(<\/span><span class=\"s\">\"ERROR:%v<\/span><span class=\"se\">\\n<\/span><span class=\"s\">\"<\/span><span class=\"p\">,<\/span> 
<span class=\"n\">err<\/span><span class=\"p\">)<\/span>\r\n    <span class=\"p\">}<\/span>\r\n    <span class=\"n\">err<\/span> <span class=\"o\">=<\/span> <span class=\"n\">f<\/span><span class=\"o\">.<\/span><span class=\"n\">Close<\/span><span class=\"p\">()<\/span>\r\n<\/code><\/pre>\n<h1>5. \u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092\u78ba\u8a8d\u3059\u308b<\/h1>\n<p>\u767a\u884c\u3057\u305f\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8\u3092 OpenSSL \u3067\u78ba\u8a8d\u3057\u307e\u3059\u3002\u8a2d\u5b9a\u3057\u305f\u8981\u7d20\u304c\u3059\u3079\u3066\u5165\u3063\u3066\u3044\u307e\u3059\u306d\u3002\u306a\u304a\u3001\u4e0a\u306e\u30b3\u30fc\u30c9\u306f ca01.crl \u306b\u51fa\u529b\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u4f8b\u306e example.crl \u306f\u51fa\u529b\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<pre class=\"post-pre\"><code>$ openssl crl -inform pem -in example.crl -text\r\nCertificate Revocation List (CRL):\r\n        Version 2 (0x1)\r\n        Signature Algorithm: sha256WithRSAEncryption\r\n        Issuer: C = JP, O = Example Org, OU = Example Org Unit, CN = ca01\r\n        Last Update: Oct 24 04:16:04 2020 GMT\r\n        Next Update: Oct 25 04:16:04 2020 GMT\r\n        CRL extensions:\r\n            X509v3 Authority Key Identifier:\r\n                keyid:0A:42:8D:9B:23:A9:77:11:FF:FD:0F:CC:58:F4:36:F4:98:06:7F:28\r\n\r\n            X509v3 CRL Number:\r\n                2\r\n            X509v3 Issuing Distribution Point: critical\r\n                Full Name:\r\n                  URI:http:\/\/www.example.com\/example.crl\r\n\r\nRevoked Certificates:\r\n    Serial Number: 64\r\n        Revocation Date: Oct 24 04:16:04 2020 GMT\r\n    Serial Number: 6C\r\n        Revocation Date: Oct 24 04:16:04 2020 GMT\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n         6c:0d:23:e8:50:bf:84:ae:10:85:3e:43:28:0f:43:fd:58:cb:\r\n         83:8c:7c:a8:5c:7d:78:71:f1:0c:03:97:43:88:8c:32:02:5c:\r\n         a6:6c:e2:a4:7d:94:56:08:a8:9c:17:95:b4:be:11:bb:65:52:\r\n         43:25:de:c0:d5:d0:df:ac:0f:ca:8c:a7:23:82:19:12:e2:9d:\r\n         49:83:9e:ca:bc:2e:f3:60:79:39:47:cb:ed:17:52:25:9f:42:\r\n         
26:9e:1b:67:5f:af:e1:3a:14:67:5f:4f:de:10:c5:32:03:7f:\r\n         40:a0:b6:bc:3f:05:33:73:91:0b:73:4e:f2:3c:be:b0:e4:63:\r\n         e0:d0:81:6e:91:14:d9:04:35:21:3e:22:1e:31:bd:47:40:c9:\r\n         69:f0:e5:57:bc:c3:2c:ae:b8:06:38:35:f1:59:6f:45:2c:45:\r\n         08:2e:63:49:ab:f5:54:0b:54:d2:a8:fc:62:ea:a5:46:62:28:\r\n         a9:89:76:96:cf:47:28:3d:81:c3:e9:fb:ce:54:a8:07:71:6d:\r\n         c6:d8:b7:e7:33:b0:05:df:c4:79:56:e1:99:ed:9f:33:f8:15:\r\n         b9:32:4e:82:4c:0c:a7:a5:23:d4:f7:e1:94:26:2b:e0:55:1a:\r\n         38:f6:72:21:a9:e0:29:06:80:9a:05:e3:43:c2:4a:dd:74:c6:\r\n         d6:79:ec:9d\r\n-----BEGIN X509 CRL-----\r\nMIICKDCCARACAQEwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCSlAxFDASBgNV\r\nBAoTC0V4YW1wbGUgT3JnMRkwFwYDVQQLExBFeGFtcGxlIE9yZyBVbml0MQ0wCwYD\r\nVQQDEwRjYTAxFw0yMDEwMjQwNDE2MDRaFw0yMDEwMjUwNDE2MDRaMCgwEgIBZBcN\r\nMjAxMDI0MDQxNjA0WjASAgFsFw0yMDEwMjQwNDE2MDRaoGUwYzAfBgNVHSMEGDAW\r\ngBQKQo2bI6l3Ef\/9D8xY9Db0mAZ\/KDAKBgNVHRQEAwIBAjA0BgNVHRwBAf8EKjAo\r\noCagJIYiaHR0cDovL3d3dy5leGFtcGxlLmNvbS9leGFtcGxlLmNybDANBgkqhkiG\r\n9w0BAQsFAAOCAQEAbA0j6FC\/hK4QhT5DKA9D\/VjLg4x8qFx9eHHxDAOXQ4iMMgJc\r\npmzipH2UVgionBeVtL4Ru2VSQyXewNXQ36wPyoynI4IZEuKdSYOeyrwu82B5OUfL\r\n7RdSJZ9CJp4bZ1+v4ToUZ19P3hDFMgN\/QKC2vD8FM3ORC3NO8jy+sORj4NCBbpEU\r\n2QQ1IT4iHjG9R0DJafDlV7zDLK64Bjg18VlvRSxFCC5jSav1VAtU0qj8YuqlRmIo\r\nqYl2ls9HKD2Bw+n7zlSoB3Ftxti35zOwBd\/EeVbhme2fM\/gVuTJOgkwMp6Uj1Pfh\r\nlCYr4FUaOPZyIangKQaAmgXjQ8JK3XTG1nnsnQ==\r\n-----END X509 CRL-----\r\n\r\n<\/code><\/pre>\n<h1>6. \u30b3\u30fc\u30c9<\/h1>\n<p>\u30b3\u30fc\u30c9\u306f\u3053\u3061\u3089<br \/>\nhttps:\/\/github.com\/tardevnull\/gopkicookbook4<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. \u3053\u306e\u8a18\u4e8b\u306e\u5bfe\u8c61\u306e\u4eba Golang \u3067\u3001\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u3092\u4f5c\u308a\u305f\u3044\u4eba 2. 
\u6982\u8981 \u3053\u306e\u8a18\u4e8b\u3067 [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-44772","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>- Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:description\" content=\"1. \u3053\u306e\u8a18\u4e8b\u306e\u5bfe\u8c61\u306e\u4eba Golang \u3067\u3001\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u3092\u4f5c\u308a\u305f\u3044\u4eba 2. 
\u6982\u8981 \u3053\u306e\u8a18\u4e8b\u3067 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-04T09:12:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T17:01:57+00:00\" \/>\n<meta name=\"author\" content=\"\u6e05, \u626c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u626c\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/\",\"name\":\"- Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-07-04T09:12:31+00:00\",\"dateModified\":\"2024-04-29T17:01:57+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\",\"name\":\"\u6e05, 
\u626c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u626c\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"- Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/","og_locale":"zh_CN","og_type":"article","og_description":"1. \u3053\u306e\u8a18\u4e8b\u306e\u5bfe\u8c61\u306e\u4eba Golang \u3067\u3001\u8a3c\u660e\u66f8\u5931\u52b9\u30ea\u30b9\u30c8( CRL )\u3092\u4f5c\u308a\u305f\u3044\u4eba 2. 
\u6982\u8981 \u3053\u306e\u8a18\u4e8b\u3067 [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-07-04T09:12:31+00:00","article_modified_time":"2024-04-29T17:01:57+00:00","author":"\u6e05, \u626c","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u626c","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/","name":"- Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-07-04T09:12:31+00:00","dateModified":"2024-04-29T17:01:57+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461","name":"\u6e05, \u626c","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","caption":"\u6e05, 
\u626c"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/44772-2\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=44772"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44772\/revisions"}],"predecessor-version":[{"id":88728,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44772\/revisions\/88728"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=44772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=44772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=44772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}