crypto/x509: corporate proxy: certificate signed by unknown authority #40370
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
go version: go1.14.6 darwin/amd64
go env excerpts:
Attempted to do
go install ./awsproviderlint
and failed with x509 error.Also got same error with
http.Get("https://www.google.com")
The problem appears to be how Go handles the certificate chains from my corporate proxy that does re-encryption.
The certificate itself does not include the full chain, only the immediate parent.
Go is picking up the system root certificates, which includes the corporate proxy's root CA cert.
The problem is there is an intermediate cert between the root CA and cert in the chain:
Root->Intermediate 1->Intermediate 2->server cert
The 'intermediate 1' cert is registered in the MacOS System keychain and browsers have no problem with the same sites.
The text was updated successfully, but these errors were encountered: