How to specify x509 certificate for Azure SDK in Golang


I am trying to connect to use the Azure SDK for Golang to download files from a container online to my device and am using the connection string provided from azure to connect. For context this is running on a version of embedded Linux

I have two questions, first how do I pass a specific certificate to the azure SDK to use to connect, as currently when I connect, I get this issue

Get "": x509: certificate signed by unknown authority

or failing that how do I generate the correct certificate to put it in /etc/ssl? Which I think is where go is looking for certificates as far as I understand.

Also second question what function from the azure sdk for go should I be using to download from a blob online if my folder structure looks like /transaction/my-libs/images/1.0.0/libimage.bin where transaction is my blob container.

func testConnection(){

    connStr := "..." // actual connection string hidden 

    serviceClient, err := azblob.NewServiceClientFromConnectionString(connStr, nil)

    // crashes here <------------

    //ctx := context.Background()
    //container := serviceClient.NewContainerClient("transactions")
    //_, err = container.Create(ctx, nil)
    //blockBlob := container.NewBlockBlobClient("erebor-libraries")
    //_, err = blockBlob.Download(ctx, nil)

    //Open a buffer, reader, and then download!
    downloadedData := &bytes.Buffer{}
    reader := get.Body(RetryReaderOptions{}) // RetryReaderOptions has a lot of in-depth tuning abilities, but for the sake of simplicity, we'll omit those here.
    _, err = downloadedData.ReadFrom(reader)
    err = reader.Close()
    if data != downloadedData.String() {
        err := errors.New("downloaded data doesn't match uploaded data")
        if err != nil {

    pager := container.ListBlobsFlat(nil)
    for pager.NextPage(ctx) {
        resp := pager.PageResponse()

        for _, v := range resp.ContainerListBlobFlatSegmentResult.Segment.BlobItems {



• You can use the following Azure SDK for Go command for passing a specific certificate to the Azure SDK to connect to other Azure resources by creating a service principal for it: –

‘ type ClientCertificateConfig struct {
  ClientID            string
  CertificatePath     string
  CertificatePassword string
  TenantID            string
  AuxTenants          []string
  AADEndpoint         string
  Resource            string
 } ‘

For more information on the creation of the client certificate and its usage, please refer to the documentation link below for more details: –

Also, even if your folder structure is ‘/transaction/my-libs/images/1.0.0/libimage.bin’, but the blob URL is unique with folder hierarchy mentioned in the blob URL, thus when connecting to the Azure storage account to download the blob, mention the URL in single inverted comma notation for the blob path to be specific.

Please refer to the sample code below for downloading the blobs through Azure SDK for Go: –

Answered By – KartikBhiwapurkar-MT

Answer Checked By – Terry (GoLangFix Volunteer)

Leave a Reply

Your email address will not be published.