I am creating a client app using Golang 1.9.2 and I am having some trouble to access my backend. The thing is that my app is working fine in the latest versions of Windows and Linux, however when I run it on Windows XP (yes, unfortunately I do have to support Windows XP, because some of our customers refuse to upgrade their OS) I get this error while trying to execute an HTTP GET and an HTTP POST: <code>x509: certificate signed by unknown authority</code>. I've ran the same GET command using a Firefox ESR browser and a Chromium browser, from inside the Windows XP and none of them complain about the certificate. Please note that my certificate is valid and signed by a trusted authority. I've done some research and I found out that some people had the same problem and solved it by ignoring the TLS validation using this: <pre class="prettyprint"><code>import ("net/http"; "crypto/tls") tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify : true}, } client := &http.Client{Transport: tr} resp, err := client.Get("https://someurl:443/) </code></pre> So I added this to my code, but it is still not working: <pre class="prettyprint"><code>// NewAPIClient - creates a new API client func NewAPIClient() Client { c := &APIClient{} tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkyVerify: true}, } c.client = &http.Client{Transport: tr} return c } // GetTasks - retrieves a list of tasks from the backend. func (c *APIClient) GetTasks() ([]byte, error) { conf := config.GetInstance() url := fmt.Sprintf("%s/myurl", conf.GetConfig().APIUrl) req, err := http.NewRequest(http.MethodGet, url, nil) if err != nil { log.WithError(err).Errorf("Error creating HTTP request") return nil, err } // Add headers req.Header.Add("Authorization", conf.GetConfig().APIToken) req.Header.Add("Accept", "application/json") log.Info("Retrieving tasks from the API") resp, err := c.client.Do(req) if err != nil { log.WithError(err).Errorf("Error retrieving tasks from the backend") return nil, err } defer resp.Body.Close() if resp.StatusCode != 200 { errMsg := fmt.Sprintf("Received status: %s", resp.Status) err = errors.New(errMsg) log.WithError(err).Error("Error retrieving tasks from the backend") return nil, err } tasks, err := ioutil.ReadAll(resp.Body) if err != nil { log.WithError(err).Error("Error reading tasks response body") return nil, err } log.Info("The tasks were successfully retrieved") return tasks, nil } </code></pre> Is there a another way to solve this problem, without having to ignore the certificate validation? If not, what I am doing wrong in my code?

Golang uses the OS certificate store. The following comment indicates Go uses the Windows store on Windows, similar to Linux. <blockquote> // CertGetCertificateChain will traverse Windows's root stores in an attempt to build a verified certificate chain </blockquote> This comment and the associated code is in the following file: https://golang.org/src/crypto/x509/root_windows.go Add the server certificate, Intermediate CA certificate and/or Root CA certificate to the Windows XP certificate store. You can use the following Windows XP instructions posted by IBM: <blockquote> Procedure <ol> <li>From Windows XP, select Start > Run to open the command line.</li> <li>Type <code>mmc</code> into the Run dialog box and click OK to run the Microsoft Management Console (MMC).</li> <li>From within MMC, select File > Add/Remove Snap-in.</li> <li>Click Add.</li> <li>Click Certificates.</li> <li>Click My user account.</li> <li>Click Finish.</li> <li>Click Close on the Add Standalone Snap-in dialog box.</li> <li>Click OK on the Add/Remove Snap-in dialog box.</li> </ol> </blockquote> Ref: https://www.ibm.com/docs/en/b2b-integrator/5.2?topic=xp-install-root-certificate-in-windows GlobalSign and Securely provide similar instructions for more modern versions of Windows but the IBM link above is specifically for Windows XP. The Securely docs below also include screen shots. <ul> <li>Import and Export Certificate - Microsoft Windows</li> <li> How do I manually install the Securly SSL certificate on Windows - includes screen shots</li> </ul>

Golang HTTP x509: certificate signed by unknown authority error

I am creating a client app using Golang 1.9.2 and I am having some trouble to access my backend. The thing is that my app is working fine in the latest versions of Windows and Linux, however when I run it on Windows XP (yes, unfortunately I do have to support Windows XP, because some of our customers refuse to upgrade their OS) I get this error while trying to execute an HTTP GET and an HTTP POST: x509: certificate signed by unknown authority.

I've ran the same GET command using a Firefox ESR browser and a Chromium browser, from inside the Windows XP and none of them complain about the certificate.

Please note that my certificate is valid and signed by a trusted authority.

I've done some research and I found out that some people had the same problem and solved it by ignoring the TLS validation using this:

import ("net/http"; "crypto/tls")

tr := &http.Transport{
    TLSClientConfig: &tls.Config{InsecureSkipVerify : true},
}
client := &http.Client{Transport: tr}
resp, err := client.Get("https://someurl:443/)

So I added this to my code, but it is still not working:

// NewAPIClient - creates a new API client
func NewAPIClient() Client {
    c := &APIClient{}

    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkyVerify: true},
    }
    c.client = &http.Client{Transport: tr}
    return c
}

// GetTasks - retrieves a list of tasks from the backend.
func (c *APIClient) GetTasks() ([]byte, error) {
    conf := config.GetInstance()
    url := fmt.Sprintf("%s/myurl", conf.GetConfig().APIUrl)

    req, err := http.NewRequest(http.MethodGet, url, nil)
    if err != nil {
        log.WithError(err).Errorf("Error creating HTTP request")
        return nil, err
    }

    // Add headers
    req.Header.Add("Authorization", conf.GetConfig().APIToken)
    req.Header.Add("Accept", "application/json")

    log.Info("Retrieving tasks from the API")
    resp, err := c.client.Do(req)
    if err != nil {
        log.WithError(err).Errorf("Error retrieving tasks from the backend")
        return nil, err
    }
    defer resp.Body.Close()

    if resp.StatusCode != 200 {
        errMsg := fmt.Sprintf("Received status: %s", resp.Status)
        err = errors.New(errMsg)
        log.WithError(err).Error("Error retrieving tasks from the backend")
        return nil, err
    }

    tasks, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        log.WithError(err).Error("Error reading tasks response body")
        return nil, err
    }

    log.Info("The tasks were successfully retrieved")

    return tasks, nil
}

Is there a another way to solve this problem, without having to ignore the certificate validation? If not, what I am doing wrong in my code?

How do I fix x509 certificate signed by unknown authority?

How to resolve Docker x509: certificate signed by unknown authority error. In order to resolve this error, we have to import the CA certificate in use by the ICP into the system keystore. Then, we have to restart the Docker client for the changes to take effect.

What is x509 certificate signed by unknown authority?

The error "x509: certificate signed by unknown authority" indicates that the backup is trying to connect to an S3 compatible endpoint, presenting an SSL certificate that a Certification Authority issued that the host does not trust.

How do I fix x509 certificate signed by unknown authority in Ubuntu?

1 Answer. Show activity on this post. sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.

Golang uses the OS certificate store. The following comment indicates Go uses the Windows store on Windows, similar to Linux.

// CertGetCertificateChain will traverse Windows's root stores in an attempt to build a verified certificate chain

This comment and the associated code is in the following file:

https://golang.org/src/crypto/x509/root_windows.go

Add the server certificate, Intermediate CA certificate and/or Root CA certificate to the Windows XP certificate store. You can use the following Windows XP instructions posted by IBM:

Procedure

From Windows XP, select Start > Run to open the command line.

Type mmc into the Run dialog box and click OK to run the Microsoft Management Console (MMC).

From within MMC, select File > Add/Remove Snap-in.

Click Add.

Click Certificates.

Click My user account.

Click Finish.

Click Close on the Add Standalone Snap-in dialog box.

Click OK on the Add/Remove Snap-in dialog box.

Ref: https://www.ibm.com/docs/en/b2b-integrator/5.2?topic=xp-install-root-certificate-in-windows

GlobalSign and Securely provide similar instructions for more modern versions of Windows but the IBM link above is specifically for Windows XP. The Securely docs below also include screen shots.

Import and Export Certificate - Microsoft Windows
How do I manually install the Securly SSL certificate on Windows - includes screen shots

Golang HTTP x509: certificate signed by unknown authority error

Tags:

windows

ssl

go

Felipe

People also ask

1 Answers

Grokify

Recent Activity

Donate For Us

Golang HTTP x509: certificate signed by unknown authority error

Tags:

windows

ssl

go

Felipe

People also ask

1 Answers

Grokify

Related questions

Recent Activity

Donate For Us