I’m having a similar problem as the above guy so I made a root ca and an
intermediate then a server cert for Nguni loader it in Nginx in
nginxdir/ssl loaded the ca into Firefox and chromium as trusted cas it went
fine visiting my site then distrowatch I went on the sight and it said that
it’s not safe so I approved it through my ca then every site I tried going
to after said insecure connection certificate only valid for and the search
engine site uses htsp and I won’t be able to connect so then. I removed my
ca completely from chromium and Firefox and its still not letting me on any
sites both the ca trust lists on both browsers aren’t showing my ca but all
the trusted ones from Mozilla and its still not letting me get on any sites
anyone have a fix for me please help
On Monday, August 29, 2016 at 10:20:40 PM UTC-4 Dave Cheney wrote:
> These are the locations that are searched on *BSD machines
>
> // Possible certificate files; stop after finding one.
>
> var certFiles = []string{
>
> "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
>
> "/etc/ssl/cert.pem", // OpenBSD
>
> "/etc/openssl/certs/ca-certificates.crt", // NetBSD
>
> }
>
> On Tuesday, 30 August 2016 09:55:34 UTC+10, Niloy Debnath wrote:
>>
>> What version of Go are you using (go version)?
>>
>> go version devel +e6f9f39 Mon Aug 29 18:25:33 2016 +0000 linux/amd64
>> Checkout 1.7 from git master branch and compiled.
>>
>>
>> What operating system and processor architecture are you using (go env)?
>>
>> GOARCH="amd64"
>> GOBIN=""
>> GOEXE=""
>> GOHOSTARCH="amd64"
>> GOHOSTOS="linux"
>> GOOS="linux"
>> GOPATH="/home/ndebnath/opensource"
>> GORACE=""
>> GOROOT="/home/ndebnath/golang/go"
>> GOTOOLDIR="/home/ndebnath/golang/go/pkg/tool/linux_amd64"
>> CC="gcc"
>> GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0
>> -fdebug-prefix-map=/tmp/go-build614456670=/tmp/go-build
>> -gno-record-gcc-switches"
>> CXX="g++"
>> CGO_ENABLED="1"
>>
>> What did you do?
>>
>> Install CAcert on FreeBSD system. I placed the certificate in
>> /etc/ssl/certs, calculated the hash
>> and then created a symlink from /etc/ssl/certs/.0 to cacert.pem.
>>
>> Now the problem is fetch doesn't even look there. It only looks at
>> /usr/local/share/certs/ca-root-nss.crt. So if I remove cert.pem then
>> getting below error,
>>
>> Certificate verification failed for
>> /C=xx/ST=xx/OU=Server/L=unknown/CN=localhost
>> 91426:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
>> verify
>> failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:974:
>> fetch: https://ip:port/v1/agent/checks: Authentication error
>>
>> And other https request is not going through because of "x509:
>> certificate signed by unknown authority".
>>
>> During investigation I have seen that go does not checks for
>> /etc/ssl/certs/ location files if symbolic link for nss root exist (
>> https://golang.org/src/crypto/x509/root_unix.go: Line 32). If I comment
>> out this return statement then it worked for me.
>>
>> What did you expect to see?
>>
>> Both, systems default ca cert and ca files inside /etc/ssl/certs/
>> location should work together on FreeBSD.
>>
>> What did you see instead?
>>
>> ca file at /etc/ssl/certs/ location is not getting validated when system
>> default ca exist.
>>
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/b7aefc1a-1f60-4c0f-9a09-6f64beafd4c9n%40googlegroups.com.
