(Go Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
Go Python
Latest commit 03be5e6 Jan 23, 2017 @Lukasa Lukasa Release: 2017.01.23
Failed to load latest commit information.
README.md Add specific example for how to use the cert_pool in an HTTP request. Jun 2, 2014


GoCertifi: SSL Certificates for Golang

This Go package contains a CA bundle that you can reference in your Go code. This is useful for systems that do not have CA bundles that Golang can find itself, or where a uniform set of CAs is valuable.

This is the same CA bundle that ships with the Python Requests library, and is a Golang specific port of certifi. The CA bundle is derived from Mozilla's canonical set.


You can use the gocertifi package as follows:

import "github.com/certifi/gocertifi"

cert_pool, err := gocertifi.CACerts()

You can use the returned *x509.CertPool as part of an HTTP transport, for example:

import (

// Setup an HTTP client with a custom transport
transport := &http.Transport{
    TLSClientConfig: &tls.Config{RootCAs: cert_pool},
client := &http.Client{Transport: transport}

// Make an HTTP request using our custom transport
resp, err := client.Get("https://example.com")

Detailed Documentation

Import as follows:

import "github.com/certifi/gocertifi"


var ErrParseFailed = errors.New("gocertifi: error when parsing certificates")


func CACerts() (*x509.CertPool, error)

CACerts builds an X.509 certificate pool containing the Mozilla CA Certificate bundle. Returns nil on error along with an appropriate error code.