How to check validity of PEM certificate issued by CA
Question
I have a certificate (PEM), and I'd like to check if the certificate is valid and signed by CA. I already have the CA certificate (PEM). What is a simple, but secure way to check the certificate in Go, using the standard crypto/x509 package?
Answer 1
Score: 8
You need to use Certificate.Verify(). There is an example for exactly what you want to do in the docs: https://golang.org/pkg/crypto/x509/#example_Certificate_Verify
    package main

    import (
        "crypto/x509"
        "encoding/pem"
        "fmt"
    )

    // verifyCert checks that certPEM chains to the CA in rootPEM and is valid for name.
    func verifyCert(rootPEM, certPEM string, name string) error {
        // Trust only the supplied CA, not the system roots.
        roots := x509.NewCertPool()
        ok := roots.AppendCertsFromPEM([]byte(rootPEM))
        if !ok {
            return fmt.Errorf("failed to parse root certificate")
        }
        block, _ := pem.Decode([]byte(certPEM))
        if block == nil {
            return fmt.Errorf("failed to parse certificate PEM")
        }
        cert, err := x509.ParseCertificate(block.Bytes)
        if err != nil {
            return fmt.Errorf("failed to parse certificate: %v", err.Error())
        }
        // Verify builds a chain to a root, checks validity dates, key usage and the host name.
        opts := x509.VerifyOptions{
            DNSName: name,
            Roots:   roots,
        }
        if _, err := cert.Verify(opts); err != nil {
            return fmt.Errorf("failed to verify certificate: %v", err.Error())
        }
        return nil
    }
DISCLAIMER: I reorganized it as a function and removed the panics for error handling. The code is otherwise unchanged from the example in the official documentation.
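As an added example (not from the answer or the Go docs), the same check exercised end to end against a CA and a leaf certificate generated in memory: the leaf is accepted under the CA that signed it, and rejected for a wrong host name and for an unrelated CA that merely uses the same subject name. The issue helper, the keys and the names "Demo CA" and example.test are constructed for this demo.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// verifyCert is the check from the answer above: trust only rootPEM and require name to match.
func verifyCert(rootPEM, certPEM, name string) error {
	roots := x509.NewCertPool()
	block, _ := pem.Decode([]byte(certPEM))
	if !roots.AppendCertsFromPEM([]byte(rootPEM)) || block == nil {
		return errors.New("failed to parse PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{DNSName: name, Roots: roots})
	}
	return err
}
// issue signs tmpl under parent with signer's key and returns the certificate as PEM (demo helper).
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) string {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}
// demo builds a CA and a leaf in memory (constructed for this example) and runs verifyCert three ways.
func demo() map[string]error {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherKey, _ := ed25519.GenerateKey(rand.Reader) // key of an unrelated CA
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"example.test"}, NotBefore: ca.NotBefore, NotAfter: ca.NotAfter}
	caPEM := issue(ca, ca, caPub, caKey)          // self-signed demo CA
	leafPEM := issue(leaf, ca, leafPub, caKey)    // leaf signed by the demo CA
	otherPEM := issue(ca, ca, otherPub, otherKey) // same subject name, different key
	return map[string]error{
		"good":       verifyCert(caPEM, leafPEM, "example.test"),    // nil
		"wrong_name": verifyCert(caPEM, leafPEM, "other.test"),      // hostname mismatch
		"wrong_ca":   verifyCert(otherPEM, leafPEM, "example.test"), // unknown authority
	}
}
```

The "wrong_ca" case is the one that matters most: the rogue CA carries the same subject name as the real one, so only the signature check (not the name) stops it.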