Certificate handling with GIT¶

GIT uses cURL internally for transfering files. Unfortunately cURL uses its own certificate-store
and the certificate-chain (Telekom-CA-->DFN-CA-->TU-Clausthal) isn't included by default.

Now, when you try to access a GIT-repository you will get an error similar to this:

git clone https://scm.in.tu-clausthal.de/git/testgit
Cloning into 'testgit'...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://scm.in.tu-clausthal.de/git/testgit/info/refs

This is because by default cURL does not know the used certificate chain and rejects the GIT operation.
There are several possibilities to avoid this

h3.# and the good and secure one which requires to install the certificate chain used here.
h3.# the bad and insecure method which are based on the fact that GIT/cURL bypasses the SSL certificate verification.

To import the certificate chain for GIT follow these steps:
1. Locate the file

https://pki.pca.dfn.de/tu-clausthal-ca/pub/cacert/chain_sha1.txt
To import the certificate chain for GIT follow these steps:

or choose one of the following options to skip the certificate verification:
- Temporary ignore ssl certificate verification:
env GIT_SSL_NO_VERIFY=true git clone https://scm.in.tu-clausthal.de/git/PROJECTNAME

- Disable ssl verfication for one GIT repository (works after first clone):
git config http.sslVerify false

- Globally disable ssl verification (not recommended!)
git config --global http.sslVerify false