Where Does Go Find Root Certificate Authorities on Linux Systems?

Locating Root Certificate Authorities in Golang

The crypto/tls.Config.RootCAs field provides a set of trusted root certificate authorities for verifying server certificates. When this field is left unset, Golang uses the host's root CA set instead. In particular, on Linux systems, these root CAs are fetched from specific locations.

Where Golang Finds Host Root CAs on Linux

Golang searches through several possible certificate files to locate the host's root CA set. These files are listed in the following order, and Golang stops after finding one:

• /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu/Gentoo)
• /etc/pki/tls/certs/ca-bundle.crt (Fedora/RHEL 6)
• /etc/ssl/ca-bundle.pem (OpenSUSE)
• /etc/pki/tls/cacert.pem (OpenELEC)
• /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (CentOS/RHEL 7)
• /etc/ssl/cert.pem (Alpine Linux)

Therefore, to globally add a root CA to the trusted set on a Linux system, you can include the relevant certificate file in one of the above locations.

The above is the detailed content of Where Does Go Find Root Certificate Authorities on Linux Systems?. For more information, please follow other related articles on the PHP Chinese website!