Docker go image – cannot go get – x509: certificate signed by unknown authority – Code Utility


inside docker golang image i am trying to go install a package and fail on this error:

go install[email protected]:[email protected]: invalid version: Get "": x509: certificate signed by unknown authority

i tried installing CA certificates unsuccessfully

any idea what could be the problem ?


Ok so the problem was my security client: Cisco AnyConnect “Umbrella”.

it was acting like a man in the middle and re-sign the request with its own certificate.

in order for the in-docker go client to trust the traffic re-signed by the Cisco Umbrella, the “Cisco Umbrella Root CA” certificate was needed to be added to the docker file:

Cisco Umbrella certificate chain

so clicking on the .cer URI we can see that certificate.

now inside my container i could:

$ wget

then convert it from .cer to a .crt file:

$ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt

then copy it to the certificate folder:

$ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt

and lastly update certificates:

$ update-ca-certificates

which outputs this:

Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

done! now we can go get any package:

$ go install[email protected]
go: downloading v1.27.1

this was written about cisco security client but can be applied to any client out there