Docker go image - cannot go get - x509: certificate signed by unknown authority
Question
Inside the Docker golang image I am trying to go install a package and fail on this error:
go install google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: google.golang.org/protobuf/cmd/protoc-gen-go@1.27.0: invalid version: Get "https://proxy.golang.org/google.golang.org/protobuf/cmd/protoc-gen-go/@v/1.27.0.info": x509: certificate signed by unknown authority
I tried installing CA certificates, unsuccessfully.
Any idea what could be the problem?
Answer 1
Score: 11
OK, so the problem was my security client: Cisco AnyConnect "Umbrella".
It was acting like a man in the middle and re-signing the request with its own certificate.
In order for the in-Docker go client to trust the traffic re-signed by Cisco Umbrella, the "Cisco Umbrella Root CA" certificate needed to be added to the Docker file:
So, clicking on the .cer URI, we can see that certificate.
Now inside my container I could:
$ wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
Then convert it from .cer to a .crt file:
$ openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
Then copy it to the certificate folder:
$ cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
And lastly update certificates:
$ update-ca-certificates
Which outputs this:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Done! Now we can go get any package:
$ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
go: downloading google.golang.org/protobuf v1.27.1
This was written about the Cisco security client but can be applied to any client out there.