x509.Certificate.Verify: "x509: certificate signed by unknown authority"


dorianl...@gmail.com

Apr 19, 2017, 11:51:50 PM
to golang-nuts
Hi,

I have a "simple" issue regarding x509 certificate verification. There are two certificates:
- cacert.pem: a self-signed certificate
- ek.pem: a certificate that was signed by cacert.pem

The following command works as expected:
$ openssl verify -CAfile cacert.pem ek.pem
ek.pem: OK

But the following code doesn't: https://play.golang.org/p/10KMLs4WWt
*Can't be tested on Go Playground

Any help is appreciated. =)

Simon Ritchie

Apr 20, 2017, 1:20:44 PM
to golang-nuts
Are you trying to figure out why this happens, or do you just want a self-signed certificate that works with Go? 

Assuming that you want to generate a working certificate, I did some work in this area a few weeks ago and encountered problems. I found some instructions via Google for creating a self-signed certificate. It didn't work with Go, although the error I got was different from the one you got. I then found a Go utility that generated a certificate that works.

I've written a version of the gRPC hello world example that uses a secure connection using this certificate: https://github.com/goblimey/grpc.  There's a comment in my code:

    // To make the connection work you need a self-signed certificate and a
    // matching private key.  Create these using lc-tlscert:
    //
    //    go get github.com/driskell/log-courier
    //    go install github.com/driskell/log-courier/lc-tlscert
    //    lc-tlscert
    //    (Give your server name as the common name)
    //
    // The common name must match the server name that the client will use to
    // connect.  If the client and server are on the same machine you can use
    // "localhost".


If you are trying to figure out the cause of the problem, then a working example might help with that too.

Regards

Simon