Trusting a self-signed certificate (the one the server presents itself with) means that the HTTPS client must be able to verify that the self-signed certificate was issued by a trusted authority; that is, the CA used to sign the server certificate needs to be verified by the client against the list of trusted CAs. This list can either be managed by the client itself, or the client can leverage the operating system's trusted CA store to get this list.
The first option, where the client trusts an extra CA not trusted by the operating system, can be achieved by getting the operating system's trusted certs and appending the extra CA cert to them, like this:
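    // Needs imports: crypto/tls, crypto/x509, log, net/http.
    // cert is the PEM-encoded CA certificate ([]byte) and insecure is a *bool
    // flag; both are defined elsewhere in the program.
    rootCAs, _ := x509.SystemCertPool()
    if rootCAs == nil {
        // No system pool available: start from an empty one.
        rootCAs = x509.NewCertPool()
    }
    // Add the extra CA on top of the system CAs.
    if ok := rootCAs.AppendCertsFromPEM(cert); !ok {
        log.Fatal("no certificates appended from PEM data")
    }
    config := &tls.Config{
        InsecureSkipVerify: *insecure, // true disables verification; RootCAs is then not checked
        RootCAs:            rootCAs,
    }
    tr := &http.Transport{TLSClientConfig: config}
    client := &http.Client{Transport: tr}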
The second option depends on the operating system (you don't specify which OS you are working on). On Linux, for example, Go looks for trusted CAs in these locations, so you need to install the CA used to sign the server certificate there (this differs by OS or even by distribution; you will find how to do that in the OS documentation).
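The first option as a complete program, added here as an example and not code from the original answer. It shows that the same server is rejected with the system CAs alone and accepted once its certificate is appended to the pool. The names poolWithExtraCA, newClient and probe are assumptions, and a loopback httptest server with its built-in self-signed certificate stands in for the real server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// poolWithExtraCA appends extraPEM to the system CA pool, or to an empty pool if none is available.
func poolWithExtraCA(extraPEM []byte) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	if !pool.AppendCertsFromPEM(extraPEM) {
		return nil, errors.New("no certificate parsed from PEM input")
	}
	return pool, nil
}

func newClient(pool *x509.CertPool) *http.Client { // nil pool = system CAs only
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
}

// probe returns the GET error without and with the server certificate added to the trusted pool.
func probe() (systemOnly, withExtra error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler()) // constructed test server
	defer srv.Close()
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	pool, err := poolWithExtraCA(certPEM)
	if err != nil {
		return err, err
	}
	_, systemOnly = newClient(nil).Get(srv.URL)
	resp, withExtra := newClient(pool).Get(srv.URL)
	if withExtra == nil {
		resp.Body.Close()
	}
	return systemOnly, withExtra
}

func main() {
	systemOnly, withExtra := probe()
	fmt.Printf("system CAs only: %v\nwith extra CA: %v\n", systemOnly, withExtra)
}
```

InsecureSkipVerify is left at its default of false in both clients, so the only difference between the two requests is the contents of RootCAs.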