git clone https/ssl error

Question

I have installed the ssl certificate and key in my git server. But am getting error when i try to clone via https from my mysysgit. Earlier it was working fine with http. Unable to identify where it is failing

$ git clone https://server.name/git/testing.git
Cloning into 'testing'...
* Couldn't find host server.name in the _netrc file; using defaults
* About to connect() to server.name port 443 (#0)
*   Trying server.name...
* Adding handle: conn: 0x274fd60
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x274fd60) send_pipe: 1, recv_pipe: 0
* Connected to server.name(server.name) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: C:\Users\user1\AppData\Local\Programs\Git/bin/curl-ca-bundle.crt
  CApath: none
* SSL certificate problem: self signed certificate
* Closing connection 0
fatal: unable to access 'https://server.name/git/testing.git/': SSL certificate problem: self signed certificate

This has been marked as duplicate of the question relating to self-signed certificates. However, this can happen also with non self-signed certificates when an intermediate certificate is not registered on the server. Please, see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787281 The explanation: http://nginx.org/en/docs/http/configuring_https_servers.html#chains And the possible solution (with nginx): https://futurestud.io/tutorials/how-to-configure-nginx-ssl-certifcate-chain — jplandrain, Nov 22 '18 at 15:41

score 80 · Answer 1 · edited Oct 13 '15 at 09:07

80

If you are getting an error while doing a git clone, then above needs to be changed to:

git config --global http.sslVerify false

edited Oct 13 '15 at 09:07

BuZZ-dEE

6,075
12
66
96

answered Dec 20 '13 at 10:36

Pradeep S

2,289
2
16
6

3

You should probably never do this globally like this. Do it on a per repo basis without the `--global`. – Travis Reeder May 30 '17 at 15:21
Agreed Travis the --global poses a significant security risk. – Alex KeySmith Mar 21 '18 at 11:49
5

See the other question/answer https://stackoverflow.com/questions/11621768/how-can-i-make-git-accept-a-self-signed-certificate for how to do this on a per-command basis: `git -c http.sslVerify=false clone . . .` – qneill Mar 28 '18 at 18:51
Works for: `fatal: unable to access 'https://github.com/somerepo.git/': Problem with the SSL CA cert (path? access rights?)` ` – EsmaeelE May 06 '20 at 20:17

VonC · Answer 2 · 2018-12-19T09:07:54.433

23

You might have to disable the certificate verification in your case:

cd /path/to/repo
git config http.sslVerify false

(as in "Git: ignore a self signed certificate")

The other option, similar to "Unable to clone Git repository due to self signed certificate" would be to import that certificate into git.

That is: copied it at the end of the file /path/to/git/bin/curl-ca-bundle.crt.

I would not advise git config --global http.sslVerify false, as that would disable certificate verification for all local repositories.

edited Dec 19 '18 at 09:07

answered Oct 01 '13 at 11:15

VonC

1,262,500
529
4,410
5,250

I got => fatal: not in a git directory. What does meaning ? – Aguid Dec 18 '18 at 08:36
@Aguid It means you have not executed that command in a local git repository (a folder with a .`git` subfolder in it) – VonC Dec 18 '18 at 08:38
@Aguid True, but not recommended. See my edited answer. – VonC Dec 18 '18 at 08:53

score 4 · Answer 3 · edited Oct 27 '14 at 09:28

4

Check your .gitconfig file.

If you've found the following line, Remove it!

[http]
sslCAinfo = /bin/curl-ca-bundle.crt

It worked for me.

edited Oct 27 '14 at 09:28

Andrey Korneyev

26,353
15
70
71

answered Oct 27 '14 at 09:05

madholic

66
1

git clone https/ssl error

3 Answers3

Linked