Docker go 映像 - 无法获取 - x509:由未知机构签名的证书 [英] Docker go image - cannot go get - x509: certificate signed by unknown authority

查看:145
本文介绍了Docker go 映像 - 无法获取 - x509:由未知机构签名的证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在 docker golang 映像中,我正在尝试 go install 一个包并在此错误上失败:

inside docker golang image i am trying to go install a package and fail on this error:

go install google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: invalid version: Get "https://proxy.golang.org/google.golang.org/protobuf/cmd/protoc-gen-go/@v/1.27.0.info": x509: certificate signed by unknown authority

我尝试安装 CA 证书失败

i tried installing CA certificates unsuccessfully

知道可能是什么问题吗?

any idea what could be the problem ?

推荐答案

好吧,问题出在我的安全客户端:Cisco AnyConnectUmbrella".

Ok so the problem was my security client: Cisco AnyConnect "Umbrella".

它就像一个中间人,用自己的证书重新签署请求.

it was acting like a man in the middle and re-sign the request with its own certificate.

为了让 in-docker go 客户端信任由 Cisco Umbrella 重新签名的流量,Cisco Umbrella Root CA"需要将证书添加到 docker 文件中:

in order for the in-docker go client to trust the traffic re-signed by the Cisco Umbrella, the "Cisco Umbrella Root CA" certificate was needed to be added to the docker file:

所以点击 .cer URI 我们可以看到那个证书.

so clicking on the .cer URI we can see that certificate.

现在在我的容器中,我可以:

now inside my container i could:

$ wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer

然后将其从 .cer 转换为 .crt 文件:

then convert it from .cer to a .crt file:

$ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt

然后将其复制到证书文件夹:

then copy it to the certificate folder:

$ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt

最后更新证书:

$ update-ca-certificates

输出这个:

Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

完成!现在我们可以去拿任何包裹了:

done! now we can go get any package:

$ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
go: downloading google.golang.org/protobuf v1.27.1

这是关于思科安全客户端的,但可以应用于任何客户端

this was written about cisco security client but can be applied to any client out there

这篇关于Docker go 映像 - 无法获取 - x509:由未知机构签名的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆