Resolve SSL certificate error with Git » History » Revision 4

Redmine Admin, 08/06/2014 11:01 AM


Certificate handling with GIT

GIT uses cURL internally for transferring files. Unfortunately, cURL uses its own certificate store,
and the certificate chain (Telekom-CA --> DFN-CA --> TU-Clausthal) isn't included by default.

Now, when you try to access a GIT-repository you will get an error similar to this:

git clone https://scm.in.tu-clausthal.de/git/testgit
Cloning into 'testgit'...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://scm.in.tu-clausthal.de/git/testgit/info/refs

This is because by default cURL does not know the certificate chain in use and therefore rejects the GIT operation.
There are two ways to deal with this:
  1. the good and secure one, which requires installing the certificate chain used here.
  2. the bad and insecure methods, which make GIT/cURL bypass the SSL certificate verification.

To import the certificate chain for GIT follow these steps:
1. Locate the file https://pki.pca.dfn.de/tu-clausthal-ca/pub/cacert/chain_sha1.txt

or choose one of the following options to skip the certificate verification:
- Temporarily ignore SSL certificate verification:
env GIT_SSL_NO_VERIFY=true git clone https://scm.in.tu-clausthal.de/git/PROJECTNAME

- Disable SSL verification for one GIT repository (works after first clone):
git config http.sslVerify false

- Globally disable SSL verification (not recommended!):
git config --global http.sslVerify false
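
As an added example (not part of the original wiki page): once the chain file from step 1 is saved locally in PEM format, git can be pointed at it with its `http.sslCAInfo` setting instead of switching verification off. The function names and file paths below are assumptions; the script also clears a repository-level `http.sslVerify false` and reports whether any of the bypasses listed above is still in effect.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# CHAIN is assumed to be the PEM chain file saved from the URL in step 1;
# pass it as an absolute path so git finds it from any working directory.

# has_pem_cert FILE: succeed if FILE contains at least one PEM certificate block.
has_pem_cert() {
    [ -r "$1" ] \
        && grep -q -- '-----BEGIN CERTIFICATE-----' "$1" \
        && grep -q -- '-----END CERTIFICATE-----' "$1"
}

# trust_chain REPO CHAIN: make REPO verify HTTPS peers against CHAIN and
# remove a repository-level http.sslVerify=false left over from the workaround.
trust_chain() {
    repo=$1
    chain=$2
    has_pem_cert "$chain" || { echo "not a PEM chain: $chain" >&2; return 1; }
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 \
        || { echo "not a git repository: $repo" >&2; return 1; }
    # Scoped to this repository only; other repositories keep the default CA bundle.
    git -C "$repo" config --local http.sslCAInfo "$chain" || return 1
    # --unset-all exits non-zero when the key is absent; that is fine here.
    git -C "$repo" config --local --unset-all http.sslVerify 2>/dev/null || true
    return 0
}

# verification_disabled REPO: exit 0 if a bypass from this page is still active,
# i.e. GIT_SSL_NO_VERIFY is set in the environment or the effective
# http.sslVerify (system, global and repository config merged) is false.
verification_disabled() {
    [ -n "${GIT_SSL_NO_VERIFY+set}" ] && return 0
    v=$(git -C "$1" config --bool --get http.sslVerify 2>/dev/null) || v=
    [ "$v" = "false" ]
}
```

A globally disabled `http.sslVerify` is only reported by `verification_disabled`, not removed; `git config --global --unset http.sslVerify` clears it.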

Updated by Redmine Admin over 10 years ago · 4 revisions