Resolve SSL certificate error with Git » History » Revision 12

Revision 11 (Redmine Admin, 08/06/2014 11:08 AM) → Revision 12/54 (Redmine Admin, 08/06/2014 11:13 AM)

h1. Certificate handling with GIT 


 GIT uses cURL internally for transferring files. Unfortunately cURL uses its own certificate store 
 and the certificate chain (Telekom-CA-->DFN-CA-->TU-Clausthal) isn't included by default. 

 Now, when you try to access a GIT-repository you will get an error similar to this: 
 <pre> 
 git clone https://scm.in.tu-clausthal.de/git/testgit 
 Cloning into 'testgit'... 
 error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt  
 CRLfile: none while accessing https://scm.in.tu-clausthal.de/git/testgit/info/refs 
 </pre> 

 This is because by default cURL does not know the certificate chain used here and therefore rejects the GIT operation. 
 There are several ways to avoid this: 

 # [[Certificate handling with GIT#the good and secure method]], which requires installing the certificate chain used here. 
 # [[the bad and insecure method]], which is based on making GIT/cURL bypass the SSL certificate verification. 

 The [[bad and insecure method]] allows a man-in-the-middle attack and really should not be used. You have been warned! Don't even think about using it.  

 h3(#the good and secure method). The good and secure method to use GIT over HTTPS 



 

 To import the certificate chain for GIT follow these steps: 
  1. Locate the file https://pki.pca.dfn.de/tu-clausthal-ca/pub/cacert/chain_sha1.txt 


 Or choose one of the following options to skip the certificate verification: 
 - Temporarily ignore SSL certificate verification: 
   env GIT_SSL_NO_VERIFY=true git clone https://scm.in.tu-clausthal.de/git/PROJECTNAME 

 - Disable SSL verification for one GIT repository (works after first clone): 
   git config http.sslVerify false 

 - Globally disable SSL verification (not recommended!): 
   git config --global http.sslVerify false
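
 The following shell functions are an added example, not part of the original wiki page: one way to apply the good and secure method with git's URL-scoped @http.<url>.sslCAInfo@ setting, plus a check for the verification-skipping settings listed above. The function names @use_ca_chain@ and @verification_disabled@ are hypothetical, and the chain file from the page is assumed to be already saved locally in PEM format.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# Assumption: the chain file named on the page has been saved locally as PEM.

# use_ca_chain CHAIN_FILE BASE_URL
# Trust CHAIN_FILE for BASE_URL only, leaving verification switched on.
use_ca_chain() {
    chain=$1
    base_url=$2
    # Reject downloads that contain no PEM certificate (e.g. an error page).
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$chain"; then
        echo "no PEM certificate found in $chain" >&2
        return 1
    fi
    # Store an absolute path so the setting does not depend on the
    # directory git is started from.
    abs=$(cd "$(dirname "$chain")" && pwd)/$(basename "$chain")
    # URL-scoped setting: other HTTPS remotes keep the default CA store.
    git config --global "http.$base_url.sslCAInfo" "$abs"
}

# verification_disabled URL
# Succeeds when git would skip certificate verification for URL.
verification_disabled() {
    # git turns verification off as soon as this variable is set to any value.
    [ "${GIT_SSL_NO_VERIFY+set}" = set ] && return 0
    # Effective http.sslVerify for URL (plain and URL-scoped entries).
    val=$(git config --bool --get-urlmatch http.sslVerify "$1" 2>/dev/null) || val=true
    [ "$val" = false ]
}
```

 Because the CA setting is stored in the global configuration and scoped to the server URL, it already applies to the first clone and does not change how git verifies other HTTPS remotes.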