Azure / azure-storage-blob-go

Microsoft Azure Blob Storage Library for Go
MIT License

x509: certificate signed by unknown authority #312

Closed WilfredDube closed 2 years ago

WilfredDube commented 3 years ago

Which version of the SDK was used?

v0.14.0

Which platform are you using? (ex: Windows, Linux, Debian)

Linux

What problem was encountered?

When I run the Go app on my local machine, I'm able to connect to Azure blob and put/get blobs. However, when I run the application in a Docker container, I get the following error:

write error: -> github.com/Azure/azure-pipeline-go/pipeline.NewError, /go/pkg/mod/github.com/!azure/azure-pipeline-go@v0.2.3/pipeline/error.go:157
HTTP request failed

Put "https://storagename.blob.core.windows.net/cont/file?blockid=IKLDWfiIQUioEh9o..&comp=block&timeout=61": x509: certificate signed by unknown authority

I would like to know why I get this error and how I can solve it.

How can we reproduce the problem in the simplest way?

Scratch image causes the problem.

Have you found a mitigation/solution?

No

Gibstick commented 2 years ago

The scratch image doesn't include any CA certificates. Normally every distro will bundle these or have a package you can install so that applications can verify signatures on TLS certificates. Because you are using scratch, they haven't been included.

You can fix this by copying ca-certificates from somewhere else into a location where Go is hardcoded to look for them. If you are using scratch, then you are probably already using a multi-stage build with the Go image. You can apt-get install ca-certificates and copy them from the previous stage into your scratch-based image at /etc/ssl/certificates.

mohsha-msft commented 2 years ago

Hey @WilfredDube,

Has this problem been resolved after @Gibstick's response, or is it still persisting?

WilfredDube commented 2 years ago

> Hey @WilfredDube,
>
> Has this problem been resolved after @Gibstick's response, or is it still persisting?

I am now using the Alpine image instead:


FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/exec .
ENTRYPOINT [ "./exec" ]