如何将 Git 配置为信任来自 Windows 证书存储的证书?
[英]How do I configure Git to trust certificates from the Windows Certificate Store?
问题描述
Currently I have the following entry in my .gitconfig in my user directory.
目前,我的用户目录中的.gitconfig中有以下条目。
...
[http]
sslCAInfo=C:\\Users\\julian.lettner\\.ssh\\git-test.pem
...
This sets the certificate to use when interacting with the git server (required by my company's git server).这设置了与 git 服务器交互时使用的证书(我公司的 git 服务器需要)。
But now I cannot clone other repositories (for example a public repository on GitHub), because the client always uses the configured certificate which gets rejected by other servers.但是现在我无法克隆其他存储库(例如 GitHub 上的公共存储库),因为客户端始终使用被其他服务器拒绝的已配置证书。
How can I circumvent this certification issue?我怎样才能避免这个认证问题? Can I configure Git to use the Windows Certificate Store to authenticate?我可以将 Git 配置为使用 Windows 证书库进行身份验证吗?
2 个解决方案
解决方案1
66 已采纳 2018-01-11 17:26:07
Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer. 从Git for Windows 2.14开始,您现在可以将Git配置为使用内置Windows网络层SChannel。 This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism. 这意味着它将使用Windows证书存储机制,你并不需要显式配置卷曲CA存储机制。
From the Git for Windows 2.14 release notes : 从Git for Windows 2.14 发行说明 :
It is now possible to switch between Secure Channel and OpenSSL for Git's HTTPS transport by setting the
http.sslBackendconfig variable to"openssl"or"schannel";http.sslBackend配置变量设置为"openssl"或"schannel"来在安全通道和OpenSSL之间切换Git的HTTPS传输; This is now also the method used by the installer (rather than copyinglibcurl-4.dllfiles around).libcurl-4.dll文件)。
You can choose the new SChannel mechanism during the installation of Git for Windows 2.14. 您可以在安装Git for Windows 2.14期间选择新的SChannel机制。 You can also update an existing installation to use SChannel by running: 您还可以通过运行以下内容来更新现有安装以使用SChannel:
git config --global http.sslBackend schannel
Once you have configured this, Git will use the Windows certificate store and should not require (and, in fact, should ignore) the http.sslCAInfo configuration setting. 配置完成后,Git将使用Windows证书存储,并且不应要求(实际上应该忽略) http.sslCAInfo配置设置。
解决方案2
4 2013-05-21 11:09:32
Use: 采用:
git config --local ...
To specify per-repository settings. 指定每个存储库设置。 Local settings are stored in the .git directory. 本地设置存储在.git目录中。
An overview of the three locations where git can store settings: git可以存储设置的三个位置的概述:
-
--local: Repository specific,<repo_dir>/.git/config--local:特定--local存储库,<repo_dir>/.git/config -
--global: User-specific,~/.gitconfig--global:特定于用户,~/.gitconfig -
--system: System default,/etc/gitconfig--system:系统默认,/etc/gitconfig
More specific ones override more general settings, ie local overrides both global and system. 更具体的覆盖更多一般设置,即全局和系统的本地覆盖。
解决方案3
0 2022-08-15 16:04:24
I had the same problem and the solution was to clone git repository with url starting with 'http' instead of 'https'我遇到了同样的问题,解决方案是克隆 git 存储库,url 以“http”而不是“https”开头
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.