Home >Backend Development >Golang >Where Does Go Get Its Root CAs on Linux?

Where Does Go Get Its Root CAs on Linux?

Susan Sarandon
Susan SarandonOriginal
2024-12-24 06:36:10959browse

Where Does Go Get Its Root CAs on Linux?

Where Golang Obtains Root CAs on Linux

The crypto/tls.Config.RootCAs field in Golang's TLS configuration allows clients to define their own root certificate authority (CA) set for verifying server certificates. However, if this field is left unspecified, TLS will utilize the host's root CA set.

For Linux systems, this host root CA set is obtained from specific locations. Golang searches through the following files in order:

  • /etc/ssl/certs/ca-certificates.crt
  • /etc/pki/tls/certs/ca-bundle.crt
  • /etc/ssl/ca-bundle.pem
  • /etc/pki/tls/cacert.pem
  • /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  • /etc/ssl/cert.pem

If a CA certificate is present in any of these locations, it will be incorporated into the root CA set used by TLS. This allows system administrators to add or remove trusted root CAs by modifying these files as needed.

The above is the detailed content of Where Does Go Get Its Root CAs on Linux?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn