Git: SSL certificate problem: unable to get local issuer certificate
Question
I use git, with GitLab, all worked fine, until several days ago I started to get the SSL certificate problem error:
PS C:\proj> git clone https://git.company.com/dev/myproject.git
Cloning into 'myproject'...
fatal: unable to access 'https://git.company.com/dev/myproject.git/':
SSL certificate problem: unable to get local issuer certificate
As I understood, deactivate the SSL verification is a security problem, so I would not like the solution where setting http.sslverify false .
The problem is similar to this one . The found solution is to set http.sslCAInfo to C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt ", solution that didn't work for me.
Could someone explain in simple words:
- what is that.crt certificate (I suppose it is for the secure handshake between local and distant git servers?),
- how to correctly obtain that certificate
- where to keep it on the dev machine
- how to configure git to use it
- what is the difference between SSH and SSL in this case.
PS. Following the VonC answer I get the proposed version output
1 answers
solution1
1 2022-11-18 06:38:41
You need to get the certificate chain (intermediate and root CA) for your company site.
In a git bash session, as in here :
echo | openssl s_client -connect git.company.com:443 -servername git.company.com -showcerts | openssl crl2pkcs7 -nocrl | openssl pkcs7 -noout -print_certs
From there, you need
- save those in a
file.crt - reference that file in your global git config
That is:
git config --global http."https://*.comany.com/".sslcainfo "C:\path\to\file.crt"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.