x509: certificate signed by unknown authority error

[jorge...@bq.com]

Hi!

I found something weird but I don't know if it's my problem or a go bug.

I'm using go 1.6.2 under debian (x86_64 kernel 3.16.0-4.amd64)

I have a little go program that makes a request to a server:

package main

import "net/http"
import "fmt"

func main() {
 _, err := http.Get("https://my-web")
 if err != nil {
 fmt.Println(err)
 } else {
 fmt.Println("OK")
 }
}

This server uses a certificate signed by a root ca (self signed root ca that I created).

I have that root-ca under /usr/local/share/ca-certificates (with the proper update-ca-certificates).

Everithing was working fine until I made some changes.

Due to low validity that I provide to the root-ca I think about "recertificate" it.

I made it with openssl (I used the same private key as before).

openssl req -new -key ca-key.pem -out root.csr -config /etc/ssl/openssl.cnf -sha256

openssl x509 -req -days 3650 -in root.csr -signkey ca-key.pem -out root.pem -extfile extfile.cnf -sha256

After this I checked that the server certificate was properly verified by this new root-ca certificate (which it was).

So after that I change my new root-ca certificate under /usr/local/share/ca-certificates (with the proper update-ca-certificates) and I execute the code shown before, but if fails with:

 x509: certificate signed by unknown authority

To check if this was my problem I used curl and a python script with requests and both works perfectly fine.

import requests
print requests.get("https://my-web")

curl "https://my-web"

I guess that my go program should work too.

I don't know if I explained myself clearly...

 ^{Nos encantan los árboles. No me imprimas si no es necesario.}

Protección de Datos: Mundo Reader S.L. le informa de que los datos personales facilitados por Ud. y utilizados para el envío de esta comunicación serán objeto de tratamiento automatizado o no en nuestros ficheros, con la finalidad de gestionar la agenda de contactos de nuestra empresa y para el envío de comunicaciones profesionales por cualquier medio electrónico o no. Puede consultar en www.bq.com los detalles de nuestra Política de Privacidad y dónde ejercer el derecho de acceso, rectificación, cancelación y oposición.

Confidencialidad: Este mensaje contiene material confidencial y está dirigido exclusivamente a su destinatario. Cualquier revisión, modificación o distribución por otras personas, así como su reenvío sin el consentimiento expreso está estrictamente prohibido. Si usted no es el destinatario del mensaje, por favor, comuníqueselo al emisor y borre todas las copias de forma inmediata. Confidentiality: This e-mail contains material that is confidential for de sole use of de intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.