How to execute an https request to go to an incomplete TLS certificate?

Question

How to execute an https request to go to an incomplete TLS certificate?

I am trying to make an https request in go against a URL that has an incomplete TLS certificate chain. Here the relevant part from Qualys testing tool , which shows the certificate chain, is missing the "Symantec Class 3 Secure Server CA - G4":

Most browsers handle this, apparently because they have Symantec pre-loading? However, a simple golang example will failx509: certificate signed by unknown authority

package main

import (
"log"
"net/http"
)

func main() {

    _, err := http.Get("https://www.example.com/")
    if err != nil {
        log.Fatal(err)
    } else {
        log.Println("Success!") 
    }
}

I notified the site in question, but is there a way I can insert the missing certificate into the certificate store using ?

+4

ssl go x509

Paul dixon Oct 31 '17 at 9:06

source share

1 answer

Paul Dixon · Accepted Answer · 2017-10-31T10:02:30+0000

, , .

Ubuntu, :

#download certificate
cd /usr/local/share/ca-certificates
curl -O https://symantec.tbs-certificats.com/SymantecSSG4.crt

#dump the fingerprint
openssl x509 -noout -fingerprint -sha256 -inform pem -in SymantecSSG4.crt

, , , :

SHA256 Fingerprint=EA:E7:2E:B4:54:BF:6C:39:77:EB:D2:89:E9:70:B2:F5:28:29:49:19:00:93:D0:D2:6F:98:D0:F0:D6:A9:CF:17

:

update-ca-certificates

How to execute an https request to go to an incomplete TLS certificate?

More articles: