Docker go 映像 - 无法获取 - x509:由未知机构签名的证书 [英] Docker go image - cannot go get - x509: certificate signed by unknown authority
问题描述
在 docker golang 映像中,我正在尝试 go install
一个包并在此错误上失败:
inside docker golang image i am trying to go install
a package and fail on this error:
go install google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: invalid version: Get "https://proxy.golang.org/google.golang.org/protobuf/cmd/protoc-gen-go/@v/1.27.0.info": x509: certificate signed by unknown authority
我尝试安装 CA 证书失败
i tried installing CA certificates unsuccessfully
知道可能是什么问题吗?
any idea what could be the problem ?
推荐答案
好吧,问题出在我的安全客户端:Cisco AnyConnectUmbrella".
Ok so the problem was my security client: Cisco AnyConnect "Umbrella".
它就像一个中间人,用自己的证书重新签署请求.
it was acting like a man in the middle and re-sign the request with its own certificate.
为了让 in-docker go 客户端信任由 Cisco Umbrella 重新签名的流量,Cisco Umbrella Root CA"需要将证书添加到 docker 文件中:
in order for the in-docker go client to trust the traffic re-signed by the Cisco Umbrella, the "Cisco Umbrella Root CA" certificate was needed to be added to the docker file:
所以点击 .cer URI 我们可以看到那个证书.
so clicking on the .cer URI we can see that certificate.
现在在我的容器中,我可以:
now inside my container i could:
$ wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
然后将其从 .cer
转换为 .crt
文件:
then convert it from .cer
to a .crt
file:
$ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
然后将其复制到证书文件夹:
then copy it to the certificate folder:
$ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
最后更新证书:
$ update-ca-certificates
输出这个:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
完成!现在我们可以去拿任何包裹了:
done! now we can go get any package:
$ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
go: downloading google.golang.org/protobuf v1.27.1
这是关于思科安全客户端的,但可以应用于任何客户端
this was written about cisco security client but can be applied to any client out there
这篇关于Docker go 映像 - 无法获取 - x509:由未知机构签名的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!