Discussion:
x509: certificate signed by unknown authority
f***@public.gmane.org
2012-11-26 17:22:40 UTC
Hello, I get the same error with go get code.google.com/p/go-tour/gotour
The output of openssl s_client -connect code.google.com:443 is as follows:

CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 2388 bytes and written 307 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: 520616718CA1EE75E76DF735F64E10CC047EE4A1BEEB5124077058FCE637702A
Session-ID-ctx:
Master-Key: E0616BB1CACB9821D72C9A72DBDFBF971289A1430F8E611B84A04B9D8B67E7257AF896A289FC2E628D688F85F16EB3A0
Key-Arg : None
Start Time: 1353950294
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---

Installing gotour is not vital for me and I hardly have any knowledge of
SSL, but if this could help someone identify and fix the problem, I’d be
glad.

Thank you in advance,
--
Florian
I've tried on a few different machines and I cannot replicate the
problem. Can you please post the output of
openssl s_client -connect code.google.com:443
pulling from https://code.google.com/p/go
searching for changes
no changes found
package code.google.com/p/go-tour/gotour: Get
certificate signed by unknown authority
what is this? using current tip
--
agl
2012-11-26 22:36:01 UTC
Post by f***@public.gmane.org
Hello, I get the same error with go get code.google.com/p/go-tour/gotour
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
That's correct. I'd guess that we're failing to find the root certificates
on your system.

The places that we look for them are listed in
http://golang.org/src/pkg/crypto/x509/root_unix.go


Cheers

AGL

--
f***@public.gmane.org
2012-11-26 23:37:51 UTC
Thank you very much. I don’t exactly know why it works now, all I did is
that (with Ubuntu Lucid):
cd /etc
sudo vim ca-certificates.conf
then un-de-activate (also activate by removing the !) the line with
*cacert.org/cacert.org.crt* (I guess this was unnecessary)
then un-de-activate (also activate by removing the !) the line with
*mozilla/Equifax_Secure_CA.crt* (I guess this was the thing)
then run the command update-ca-certificates as root
And next time I tried go get code.google.com/p/go-tour/gotour it worked.

Thank you very much for your help!
--
Florian
Post by agl
Post by f***@public.gmane.org
Hello, I get the same error with go get code.google.com/p/go-tour/gotour
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
That's correct. I'd guess that we're failing to find the root certificates
on your system.
The places that we look for them are listed in
http://golang.org/src/pkg/crypto/x509/root_unix.go
Cheers
AGL
--
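The failure discussed in this thread, reproduced offline as an added Go example (not code from any poster or from the Go project): a server sends a leaf plus an intermediate, and verification succeeds only when the root that signed the intermediate is in the local trust store. All certificate names are constructed, the in-memory pools stand in for the system CA bundle, and the code assumes a current Go toolchain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate; parent == nil yields a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, signer = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// Demo verifies leaf+intermediate against roots without, then with, the root CA.
func Demo() (rootMissing, rootPresent error) {
	root, rootKey := issue("Constructed Root CA", true, nil, nil)
	inter, interKey := issue("Constructed Intermediate CA", true, root, rootKey)
	leaf, _ := issue("leaf.example", false, inter, interKey)
	sent, trusted := x509.NewCertPool(), x509.NewCertPool()
	sent.AddCert(inter)   // what the server sends along with the leaf
	trusted.AddCert(root) // trust store with the root enabled
	_, rootMissing = leaf.Verify(x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: sent})
	_, rootPresent = leaf.Verify(x509.VerifyOptions{Roots: trusted, Intermediates: sent})
	return
}

func main() {
	fmt.Println(Demo()) // first value: unknown-authority error; second: <nil>
}
```

The server cannot fix the first case by sending more certificates: the root has to be trusted locally, which is what re-enabling the Equifax entry and running update-ca-certificates did.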
Jeff Mitchell
2013-04-15 17:47:48 UTC
Post by agl
Post by f***@public.gmane.org
Hello, I get the same error with go get code.google.com/p/go-tour/gotour
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
That's correct. I'd guess that we're failing to find the root
certificates on your system.
The places that we look for them are listed in
http://golang.org/src/pkg/crypto/x509/root_unix.go
I'm having the same exact problem, except on OSX (and with go.talks instead
of gotour). Using Go 1.0.3. Any ideas?

Thanks,
Jeff
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
agl
2013-04-15 23:36:41 UTC
Post by Jeff Mitchell
I'm having the same exact problem, except on OSX (and with go.talks
instead of gotour). Using Go 1.0.3. Any ideas?
Do any of the files listed in
http://golang.org/src/pkg/crypto/x509/root_unix.go exist? If not, then
that's probably the issue.


Cheers

AGL
--