Home >Backend Development >Golang >How Does Go Find and Use Root Certificate Authorities on Linux?
Finding Root CAs in Go on Linux
Go's crypto/tls.Config.RootCAs can be set to define a custom set of root certificate authorities (CAs) for client certificate verification. If left nil, Go defaults to using the "host's root CA set."
On Linux, the host's root CA set is gathered from several potential locations:
/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-bundle.pem /etc/pki/tls/cacert.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/ssl/cert.pem
Once a certificate file is found, the search stops. This allows system administrators to configure which root CAs are trusted by modifying these files.
To globally add another root CA to trust, find and edit one of these files. Append the new root CA certificate in PEM format to the end of the file. Ensure that the file is in a format that is compatible with your Linux distribution.
The above is the detailed content of How Does Go Find and Use Root Certificate Authorities on Linux?. For more information, please follow other related articles on the PHP Chinese website!