How to Fix \'x509: certificate signed by unknown authority\' Errors When Using `go install` in Docker?

Docker Go Image: Troubleshooting "x509: certificate signed by unknown authority" Error

When attempting to install a package using go install inside a Docker Go image, an error may arise indicating that a certificate is signed by an unknown authority. This error can be attributed to a variety of causes, including misconfigured certificate authorities or the interference of security clients.

Certificate Authority Configuration

Ensure that the Docker image has the necessary certificates and root CAs installed to verify the authenticity of downloaded packages. The simplest approach is to use the update-ca-certificates command to retrieve the latest certificate authorities from the distribution's repositories.

Security Client Interference

Certain security clients, such as Cisco's Umbrella, can intervene in network traffic and re-sign requests with their own certificates. To bypass this interference, it may be necessary to add the client's certificate to the trusted root CAs within the Docker image.

Specific Solution for Cisco Umbrella

To resolve the issue with Cisco Umbrella, follow these steps:

1. Download the Cisco Umbrella Root CA certificate from their website.
2. Convert the .cer certificate to a .crt file using openssl.
3. Copy the .crt file to the /usr/local/share/ca-certificates directory.
4. Update certificates with update-ca-certificates.

After completing these steps, Go packages should be able to be installed without encountering the "x509: certificate signed by unknown authority" error. This solution can be extended to other security clients that interfere with the retrieval of packages.

The above is the detailed content of How to Fix \'x509: certificate signed by unknown authority\' Errors When Using `go install` in Docker?. For more information, please follow other related articles on the PHP Chinese website!