diff --git a/authority/tls.go b/authority/tls.go
index 76edf360..baaac270 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -245,21 +245,10 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5
 newCert.ExtraExtensions = append(newCert.ExtraExtensions, ext)
 }
- leaf, err := x509legacy.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer)
+ serverCert, err := x509util.CreateCertificate(newCert, a.x509Issuer, newCert.PublicKey, a.x509Signer)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)
 }
- crtBytes, err := leaf.CreateCertificate()
- if err != nil {
- return nil, errs.Wrap(http.StatusInternalServerError, err,
- "authority.Rekey; error renewing certificate from existing server certificate", opts...)
- }
-
- serverCert, err := x509.ParseCertificate(crtBytes)
- if err != nil {
- return nil, errs.Wrap(http.StatusInternalServerError, err,
- "authority.Rekey; error parsing new server certificate", opts...)
- }
 if err = a.db.StoreCertificate(serverCert); err != nil {
 if err != db.ErrNotImplemented {
diff --git a/authority/tls_test.go b/authority/tls_test.go
index 90dc7075..41347f17 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -538,7 +538,7 @@ func TestAuthority_Renew(t *testing.T) {
 return &renewTest{
 auth: _a,
 cert: cert,
- err: errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+ err: errors.New("authority.Rekey: error creating certificate"),
 code: http.StatusInternalServerError,
 }, nil
 },
@@ -766,7 +766,7 @@ func TestAuthority_Rekey(t *testing.T) {
 return &renewTest{
 auth: _a,
 cert: cert,
- err: errors.New("authority.Rekey; error renewing certificate from existing server certificate"),
+ err: errors.New("authority.Rekey: error creating certificate"),
 code: http.StatusInternalServerError,
 }, nil
 },
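Review bot: The added call passes `newCert.PublicKey` to x509util.CreateCertificate rather than the `pk` parameter visible in the Rekey signature, so the rekeyed certificate only carries the caller's new key if `newCert.PublicKey` was assigned from `pk` above this hunk; Rekey's body starts and ends outside the hunk, so that assignment cannot be confirmed here and is worth a one-line comment at the call site, e.g. `// newCert.PublicKey holds pk (set above); the issuer signs it with a.x509Signer`. Separately, the single `errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...)` now covers both the signing step and the parse step that were previously reported with distinct messages, and the two test hunks pin the result to `authority.Rekey: error creating certificate`, a string that appears to originate in x509util rather than this package, so a wording change in that dependency will fail these tests without any behaviour change. A message owned by this package, such as `errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error creating certificate from template", opts...)`, with the two expectations in tls_test.go updated to match, would keep the failure mode stable and as descriptive as before.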