I have two *.crt files named cert.crt and key.crt.
To use these files I imported these files and converted to rcgen::Certificate and rcgen::KeyPair type.
After converting, I printed certificate detail and it was different with original certificate.
How to fix this problem?
let param = rcgen::CertificateParams::from_ca_cert_pem(
&std::fs::read_to_string(&external_cert.cert).unwrap(),
)
.unwrap();
let key_pair =
rcgen::KeyPair::from_pem(&std::fs::read_to_string(&external_cert.private_key).unwrap())
.unwrap();
let cert = param.self_signed(&key_pair).unwrap();
param.self_signed(&key_pair) will create a new self-signed certificate. It is expected that this is different from a CA signed certificate. If you want to use an existing certificate, you probably want to avoid rcgen entirely. Which crate are you using for handling tls connections? You should use that crate for loading the certificate.
That crate looks to be hard-coding rcgen. And not only that, it seems to actually hard code generating a new certificate from scratch every time it starts. If you pass in a certificate, it only uses it as CA to sign the new certificate it created. A certificates you get from a public CA can not be used to sign further certificates. They contain a field that tells the browser not to allow using them to sign other certificates.