How to Fix \'Invalid Certificate\' Errors During `go install` in Docker with Cisco AnyConnect?

Docker Go Image Error: Invalid Certificate for go install

Issue:

When executing go install within a Docker Go image, users encounter the error:

google.golang.org/protobuf/cmd/[email protected]: google.golang.org/protobuf/cmd/[email protected]: invalid version: Get "https://proxy.golang.org/google.golang.org/protobuf/cmd/protoc-gen-go/@v/1.27.0.info": x509: certificate signed by unknown authority

Resolution:

The aforementioned error stems from the Docker image's security client, in this case, Cisco AnyConnect "Umbrella," which acts as a man-in-the-middle and re-signs requests with its own certificate.

To rectify this issue, the Docker image must include the "Cisco Umbrella Root CA" certificate. Follow these steps to add the certificate:

1. Download the certificate:

   $ wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer

2. Convert the certificate from .cer to .crt format:

   $ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt

3. Copy the certificate to the certificate folder:

   $ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt

4. Update certificates:

   $ update-ca-certificates

Once these steps are complete, the Docker image will be able to trust the Umbrella-resigned traffic. Consequently, go install can be executed without the aforementioned error.

The above is the detailed content of How to Fix \'Invalid Certificate\' Errors During `go install` in Docker with Cisco AnyConnect?. For more information, please follow other related articles on the PHP Chinese website!