diff --git a/pkgs/development/compilers/go/cacert.patch b/pkgs/development/compilers/go/cacert.patch
new file mode 100644
index 00000000000..42a44313835
--- /dev/null
+++ b/pkgs/development/compilers/go/cacert.patch
@@ -0,0 +1,15 @@
+Go comes with hardcoded cacert. We add the usual in NixOS,
+for easier NixOS life.
+
+diff --git a/src/pkg/crypto/x509/root_unix.go b/src/pkg/crypto/x509/root_unix.go
+index 76e79f4..6ef1dd3 100644
+--- a/src/pkg/crypto/x509/root_unix.go
++++ b/src/pkg/crypto/x509/root_unix.go
+@@ -15,6 +15,7 @@ var certFiles = []string{
+ 	"/etc/ssl/ca-bundle.pem",                 // OpenSUSE
+ 	"/etc/ssl/cert.pem",                      // OpenBSD
+ 	"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD
++	"/etc/ssl/certs/ca-bundle.crt",           // NixOS
+ }
+ 
+ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
diff --git a/pkgs/development/compilers/go/default.nix b/pkgs/development/compilers/go/default.nix
index a5b75ed9435..459ce6310bf 100644
--- a/pkgs/development/compilers/go/default.nix
+++ b/pkgs/development/compilers/go/default.nix
@@ -44,6 +44,7 @@ stdenv.mkDerivation {
     sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
   '';
 
+  patches = [ ./cacert.patch ];
 
   GOOS = "linux";
   GOARCH = if (stdenv.system == "i686-linux") then "386"