Home >Backend Development >Golang >Why Does `go get` Fail in a Docker Go Image with \'x509: certificate signed by unknown authority\'?
Why Does `go get` Fail in a Docker Go Image with \'x509: certificate signed by unknown authority\'?
- DDDOriginal
- 2024-11-30 15:56:15171browse
Docker go image: "go get" failure due to "x509: certificate signed by unknown authority"
When attempting to install a package using "go install" within a Docker Go image, users may encounter the error "x509: certificate signed by unknown authority." This issue arises because the Docker image lacks the necessary CA certificate to verify the trustworthiness of the certificate authority signing the request.
Troubleshooting:
One common culprit is the use of security clients like Cisco AnyConnect "Umbrella." These clients often act as a man-in-the-middle, re-signing requests using their own certificate. To resolve the issue, the image must have access to the "Cisco Umbrella Root CA" certificate.
Resolution:
- Download the certificate from the Cisco Umbrella Root CA website: https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
-
Convert the .cer certificate to .crt format using openssl:
openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
-
Copy the .crt certificate to the certificate folder:
cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
-
Update certificates:
update-ca-certificates
By following these steps, the Docker image will gain access to the necessary certificates, allowing for successful installation of packages using "go get."
The above is the detailed content of Why Does `go get` Fail in a Docker Go Image with \'x509: certificate signed by unknown authority\'?. For more information, please follow other related articles on the PHP Chinese website!