Resolve SSL certificate error with Git » History » Revision 8
Revision 7 (Redmine Admin, 08/06/2014 11:02 AM) → Revision 8/54 (Redmine Admin, 08/06/2014 11:02 AM)
h1. Certificate handling with GIT GIT uses cURL internally for transfering files. Unfortunately cURL uses its own certificate-store and the certificate-chain (Telekom-CA-->DFN-CA-->TU-Clausthal) isn't included by default. Now, when you try to access a GIT-repository you will get an error similar to this: <pre> git clone https://scm.in.tu-clausthal.de/git/testgit Cloning into 'testgit'... error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://scm.in.tu-clausthal.de/git/testgit/info/refs </pre> This is because by default cURL does not know the used certificate chain and rejects the GIT operation. There are several possibilities to avoid this * h3. # and the good and secure one which requires to install the certificate chain used here. h3. # the [[bad and insecure method]] which are based on the fact that GIT/cURL bypasses the SSL certificate verification. * To import the certificate chain for GIT follow these steps: 1. Locate the file https://pki.pca.dfn.de/tu-clausthal-ca/pub/cacert/chain_sha1.txt To import the certificate chain for GIT follow these steps: or choose one of the following options to skip the certificate verification: - Temporary ignore ssl certificate verification: env GIT_SSL_NO_VERIFY=true git clone https://scm.in.tu-clausthal.de/git/PROJECTNAME - Disable ssl verfication for one GIT repository (works after first clone): git config http.sslVerify false - Globally disable ssl verification (not recommended!) git config --global http.sslVerify false