Jenkins Git integration - How to disable SSL certificate validation

Question

I am getting the below error while creating a job from Jenkins. How do I disable certificate validation in Jenkins?

From Git Bash I can use git config --global http.sslVerify false command to disable it, but not sure how to use it from Jenkins.

Error:

Failed to connect to repository : Command "C:\Program Files (x86)\Git\cmd\git.exe ls-remote -h url ofmy repository.git HEAD" returned status code 128:
stdout:
stderr: fatal: unable to access 'url of my git/': SSL certificate problem: self signed certificate in certificate chain

Answer 1

Best option is to add the self-signed certificate to your certificate store

Obtain the server certificate tree This can be done using chrome.

1. Navigate to be server address. Click on the padlock icon and view the certificates. Export all of the certificate chain as base64 encoded files (PEM) format.

2. Add the certificates to the trust chain of your GIT trust config file In Git bash on the the machine running the job run the following:

"git config --list".

find the http.sslcainfo configuration this shows where the certificate trust file is located.

3. Copy all the certificates into the trust chain file including the "- -BEGIN- -" and the "- -END- -". Make sure you add the ROOT certificate Chain to the certificates file

This should solve your issue with the self-signed certificates and using GIT.

NOT RECOMMENDED

The other way is to remote into your slave and run the following:

git config --global http.sslVerify false

This will save into the global config that this instance never does SSL verification, this is NOT recommended, it should be used only when testing and then disabled again. It should be done properly as above.

Answer 2

to supplement, I've stuck on this for few hours, here's what i've found for SSL related

add

-Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true 

as parameter as java jnlp command,

and to set GIT_SSL_NO_VERIFY=true as environment variable, so the start slave command at slave side now looks like (not sure if some parameteres are duplicate)

export GIT_SSL_NO_VERIFY=true

java -Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true -jar slave.jar -jnlpUrl ${jenkins_url}/computer/${slave_name}/slave-agent.jnlp -secret ${secret} -noCertificateCheck

you may need the same

-noCertificateCheck

while trying to call jenkins-cli.jar

(up to https://blog.csdn.net/froghui/article/details/39641221)

since everytime the jenkins slave initiazted a git operation, it's a clean env, that handled by jenkins git plugin

Answer 3

Create Freestyle project and Add "Windows Batch Command" and add the

git config http.sslVerify false or git config --config http.sslVerify false

Once this is done, save it and build the job

Now your jenkin is configured to as not to do ssl verification. After the successful build now you can remove the batch command build step and edit the same project for your configuration.

Answer 4

You can use JGit and can fix it by creating a .gitconfig file in JENKINS_HOME with this lines:

[http]
sslVerify = false

Service restart is required.

Answer 5

Login or switch to jenkins user; for switching run this command on terminal:

su - jenkins

And then run

git config --global http.sslVerify false

Answer 6

I had the same problem. First i used Git using a Shell Script that disabled the SSL Verification before the clone or pull.

Later i switched to using JGit instead which works as expected (though its not recommended to use). However with JGit you some features such as shallow clones are not supported.

Afair i didn't have to install anything to use JGit

Answer 7

Set the environment variable in windows,

GIT_HOME=path till the bin folder of your git installation and then add it to the path variable.