Check private/public key pair match for parent cert

Akachain · Apr 12, 2021 · 8b84ad0 · 8b84ad0
1 parent 6256203
commit 8b84ad0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/bin/dcm b/bin/dcm
diff --git a/commands/certificate/renew/renew.go b/commands/certificate/renew/renew.go
@@ -89,6 +89,11 @@ func (c *ReNewCommand) Run() error {
 		return err
 	}
 
+	// verify private/public key pair of parent cert
+	if err := utilities.VerifyKey(parentPrivKey, parentCert.PublicKey); err != nil {
+		return err
+	}
+
 	// parse old certificate information
 	privateKey, err := utilities.ParsePrivateKey(c.PrivKeyOldCertPath)
 	if err != nil {
@@ -103,7 +108,7 @@ func (c *ReNewCommand) Run() error {
 	// renew certificate
 	oldCert.NotAfter = time.Now().AddDate(0, 0, c.Day)
 
-	// verify private/public key pair
+	// verify private/public key pair of children cert
 	if err := utilities.VerifyKey(privateKey, oldCert.PublicKey); err != nil {
 		return err
 	}