Home >Backend Development >Golang >How Does Go Find and Use Root Certificate Authorities on Linux?

How Does Go Find and Use Root Certificate Authorities on Linux?

Patricia Arquette
Patricia ArquetteOriginal
2024-12-26 11:02:15300browse

How Does Go Find and Use Root Certificate Authorities on Linux?

Finding Root CAs in Go on Linux

Go's crypto/tls.Config.RootCAs can be set to define a custom set of root certificate authorities (CAs) for client certificate verification. If left nil, Go defaults to using the "host's root CA set."

On Linux, the host's root CA set is gathered from several potential locations:

/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/etc/pki/tls/cacert.pem
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/cert.pem

Once a certificate file is found, the search stops. This allows system administrators to configure which root CAs are trusted by modifying these files.

To globally add another root CA to trust, find and edit one of these files. Append the new root CA certificate in PEM format to the end of the file. Ensure that the file is in a format that is compatible with your Linux distribution.

The above is the detailed content of How Does Go Find and Use Root Certificate Authorities on Linux?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn