inside docker golang image i am trying to go install a package and fail on this error:
go install google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: invalid version: Get "https://proxy.golang.org/google.golang.org/protobuf/cmd/protoc-gen-go/@v/1.27.0.info": x509: certificate signed by unknown authority
i tried installing CA certificates unsuccessfully
any idea what could be the problem ?
Ok so the problem was my security client: Cisco AnyConnect "Umbrella".
it was acting like a man in the middle and re-sign the request with its own certificate.
in order for the in-docker go client to trust the traffic re-signed by the Cisco Umbrella, the "Cisco Umbrella Root CA" certificate was needed to be added to the docker file:
so clicking on the .cer URI we can see that certificate.
now inside my container i could:
$ wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
then convert it from .cer to a .crt file:
$ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
then copy it to the certificate folder:
$ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
and lastly update certificates:
$ update-ca-certificates
which outputs this:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done! now we can go get any package:
$ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
go: downloading google.golang.org/protobuf v1.27.1
this was written about cisco security client but can be applied to any client out there