If you don't want to create a self-signed certificate, you have to create a certificate signing request and have it signed by a trusted certificate authority. You create a certificate request by calling x509.CreateCertificateRequest() and passing it an x509.CertificateRequest object with the private key.
The equivalent operation using OpenSSL is as follows:
# Create CSR openssl req -new -key priv.pem -out csr.pem # View details to verify request was created properly openssl req -verify -in csr.pem -text -noout
This example demonstrates how to create a certificate signing request:
package mainimport ( "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "fmt" "io/ioutil" "log"