Create & Sign x509 Certificates in Golang

Shane Utt
2 min readAug 12, 2020

In this article we’ll cover creating and signing x509 Certificates in Golang. This exercise can be a helpful reference if you’re writing integration tests for web services which should test HTTPS functionality, or otherwise working on certificate handling code.

Create a Certificate Authority

In this article we’ll create and manage our own Certificate Authority (CA) locally to keep the examples here simple. Working with CAs locally will help prepare you for working with other public certificate authorities later.

Let’s get started by creating a CA which will be used to sign all of our certificates using the x509 package from the Go Standard Library:

Note that the field IsCA is set to true above indicating this certificate is a CA certificate.

We’ll generate a private key for the CA:

And create the certificate:

We’ll PEM Encode our certificate and private key for signing other certificates in upcoming steps:

Now we’re ready to use this CA.

Generate & Signing a Certificate

The next exercise is to create a certificate which our CA will sign:

Shane Utt

Senior Software Engineer — Kubernetes @ Kong