Go: crypto/x509: certificate signed by unknown authority again

What version of Go are you using (go version)?

$ go version
go version go1.10 darwin/amd64

(also tested on go1.11rc2)

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/brunetto.ziosi/Library/Caches/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/brunetto.ziosi/Code"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/m3/145jfhdd5qsf66_41wt9p02mhc4hp5/T/go-build960163842=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

I work in a company with a firewall that basically operates as a Man In The Middle with its own certificate. The certificate was pushed to our dev computers (MacBookPro with OS X High Sierra - 10.13.6) but I can't make Go recognize it. As a result, every network operation including a https endpoint outside the company network fails, both Go tools and developed programs. I've read a lot of issues and blog posts about it but still I didn't find any fix.

Example program:

package main

import (
    "io"
    "log"
    "net/http"
    "os"
)

func main() {
    resp, err := http.Get("https://www.google.com/")
    if err != nil {
        log.Fatal(err)
    }

    io.Copy(os.Stdout, resp.Body)
}

What did you expect to see?

The google page (or any https endpoint response) printed to the STDOUT

What did you see instead?

$ go run main.go
2018/08/23 18:13:27 Get https://www.google.com/: x509: certificate signed by unknown authority
exit status 1