79572419

Date: 2025-04-14 05:58:57
Score: 0.5

Complementing @Saad Malik's answer:

Conclusion:

  1. Golang will load the CA certificate file and all certificates under the CA certificate directories as its root CA certificates.
  2. The CA certificate file and directories have default values, shown in the code snippets below.
  3. The CA certificate file can be overridden with the environment variable SSL_CERT_FILE (the customized CA certificate file path).
  4. The CA certificate directories can be overridden with the system environment variable SSL_CERT_DIR (a colon-separated list of directories).

Source path: https://golang.org/src/crypto/x509/root_linux.go.

var certFiles = []string{
    "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
    "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
    "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
    "/etc/pki/tls/cacert.pem",                           // OpenELEC
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
    "/etc/ssl/cert.pem",                                 // Alpine Linux
}

// Possible directories with certificate files; all will be read.
var certDirectories = []string{
    "/etc/ssl/certs",     // SLES10/SLES11, https://golang.org/issue/12139
    "/etc/pki/tls/certs", // Fedora/RHEL
}

Source Path: https://golang.org/src/crypto/x509/root_unix.go.

const (
    // certFileEnv is the environment variable which identifies where to locate
    // the SSL certificate file. If set this overrides the system default.
    certFileEnv = "SSL_CERT_FILE"

    // certDirEnv is the environment variable which identifies which directory
    // to check for SSL certificate files. If set this overrides the system default.
    // It is a colon separated list of directories.
    // See https://www.openssl.org/docs/man1.0.2/man1/c_rehash.html.
    certDirEnv = "SSL_CERT_DIR"
)
Reasons:
  • Long answer (-1):
  • Has code block (-0.5):
  • User mentioned (1): @Saad
  • Low reputation (1):
Posted by: Guilin Liang
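
The override rules described in the answer above, as an added example (not part of the original answer and not Go's own code): a small audit program that reports which CA file and directories a Go process on Linux would consult, and whether the environment has replaced the defaults. `TrustSources`, `resolveTrustSources` and `firstExisting` are hypothetical names; the default paths are copied from the snippets quoted in the answer.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Defaults copied from the root_linux.go snippets quoted in the answer.
var defaultCertFiles = []string{
	"/etc/ssl/certs/ca-certificates.crt",
	"/etc/pki/tls/certs/ca-bundle.crt",
	"/etc/ssl/ca-bundle.pem",
	"/etc/pki/tls/cacert.pem",
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
	"/etc/ssl/cert.pem",
}
var defaultCertDirs = []string{"/etc/ssl/certs", "/etc/pki/tls/certs"}

// TrustSources (hypothetical type) lists where root CAs would be looked up.
type TrustSources struct {
	Files, Dirs               []string
	FileOverride, DirOverride bool
}

// resolveTrustSources applies the SSL_CERT_FILE and SSL_CERT_DIR overrides.
// getenv is injected so the logic can be checked without touching the real environment.
func resolveTrustSources(getenv func(string) string) TrustSources {
	ts := TrustSources{Files: defaultCertFiles, Dirs: defaultCertDirs}
	if f := getenv("SSL_CERT_FILE"); f != "" {
		ts.Files, ts.FileOverride = []string{f}, true
	}
	if d := getenv("SSL_CERT_DIR"); d != "" {
		ts.Dirs, ts.DirOverride = strings.Split(d, ":"), true
	}
	return ts
}

// firstExisting returns the first candidate that exists as a regular file, or "".
func firstExisting(files []string) string {
	for _, f := range files {
		if st, err := os.Stat(f); err == nil && st.Mode().IsRegular() {
			return f
		}
	}
	return ""
}

func main() {
	ts := resolveTrustSources(os.Getenv)
	fmt.Printf("file override=%v present=%q\n", ts.FileOverride, firstExisting(ts.Files))
	fmt.Printf("dir override=%v dirs=%v\n", ts.DirOverride, ts.Dirs)
}
```

An override flag that is unexpectedly true for a service means its trust anchors come from a path other than the distribution's bundle, which is worth checking against the deployment's intended configuration.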