4

I just started getting this error when trying to push my changes. I don't know what changed on my system and there should not be any self-signed certs in this connection.

Git has been uninstalled and re-installed. Git appears to be using the proper bundle: http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

Disabling cert checking is not an option.

How can I troubleshoot this issue?

The goal is to push my code to GitHub, but how did a self-signed cert get into this connection and how do I get it out?

SCote

3 Answers

5

I discovered that Kaspersky antivirus started using self-signed certificates in their "Web Anti-Virus" feature which caused Git to complain.

In order to work with the remote in any way over HTTP (push, fetch, pull, etc.), Kaspersky Web Anti-Virus needs to be disabled or that particular Git repo added to the exclusions list.

SCote
  • Good catch, more precise than my answer, +1. – VonC Jun 09 '18 at 13:40
  • Actually just click on their certificate using certmgr.msc (Windows) and restrict what the certificate can be used for so it does not mess with everything. Symantec does the same thing. Usually I just disable their certificates so that they cannot be used. – John Hanley Jun 11 '18 at 01:12
  • Confirmed that disabling Kaspersky does help. But I still cannot add the repo to the exclusions list; this doesn't work. See https://forum.kaspersky.com/index.php?/topic/362751-add-exception-for-self-signed-certificate/ – gamliela Jul 10 '18 at 11:00
0

First, you have the option to switch to ssh, provided you have generated a simple (no passphrase for now, just for testing) private SSH key and published your public SSH key to your account:

git remote set-url origin git@github.com:me/myrepo.git

But regarding your current issue, try first pushing after setting a simplified path:

set G=c:\path\to\latest\git
set PATH=%G%\bin;%G%\usr\bin;%G%\mingw64\bin
set PATH=%PATH%;C:\windows\system32;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\

By using the smallest PATH (for testing), you ensure that only your Git is used, and it should be able to push to GitHub.

VonC
0

I had the same exact issue but used a different solution. Rather than disable the Web Anti-Virus or rely on exclusions, I added the Kaspersky certificate to my Git for Windows trust store.

Finding the Kaspersky certificate was not that straightforward. In my Kaspersky version, it was buried at the below location:

Settings > Additional > Network > Encrypted connections scanning - Advanced Settings > Install Certificate > Show Certificate > Details > Copy to File > Base-64 encoded X.509 (.cer)

Once you have the certificate, you need to locate your Git trust store, then add it there. Reference here for details.

The Gilbert Arenas Dagger
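The last step of the answer above (locate Git's trust store, then add the exported certificate), as an added example that is not part of the original answer. The function name, file names and paths are assumptions; it writes a separate bundle instead of editing the installed `ca-bundle.crt`, so the shipped file stays intact.

```shell
#!/usr/bin/env bash
# Added example (hypothetical names and paths): build a private CA bundle from
# Git's shipped bundle plus one exported root, leaving the shipped file untouched.
# Trusting this root lets the scanning product read Git's HTTPS traffic.

# merge_ca_bundle <exported.cer> <git-ca-bundle.crt> <output-bundle.crt>
# Returns 0 when the certificate is in the output bundle, 1 on rejected input.
merge_ca_bundle() {
  local cert bundle out pem body
  cert=$1; bundle=$2; out=$3
  [ -r "$cert" ] && [ -r "$bundle" ] || { echo "unreadable input" >&2; return 1; }

  # Windows exports use CRLF line endings; normalise them.
  pem=$(tr -d '\r' < "$cert")

  # Accept exactly one Base-64 (PEM) certificate and never key material.
  if [ "$(printf '%s\n' "$pem" | grep -c -- '-----BEGIN CERTIFICATE-----')" -ne 1 ] ||
     [ "$(printf '%s\n' "$pem" | grep -c -- '-----END CERTIFICATE-----')" -ne 1 ] ||
     printf '%s\n' "$pem" | grep -q -- 'PRIVATE KEY'; then
    echo "expected exactly one PEM certificate in $cert" >&2
    return 1
  fi

  # Keep only the certificate block and its Base-64 body.
  pem=$(printf '%s\n' "$pem" | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p')
  body=$(printf '%s\n' "$pem" | grep -v -- '-----' | tr -d '\n')
  [ -n "$body" ] || { echo "empty certificate body" >&2; return 1; }

  # Start from the shipped bundle unless the output already exists.
  [ -f "$out" ] || tr -d '\r' < "$bundle" > "$out" || return 1

  # Idempotent: skip the append if this body is already in the bundle.
  if tr -d '\r\n' < "$out" | grep -qF -- "$body"; then
    return 0
  fi
  printf '\n%s\n' "$pem" >> "$out"
}

# Typical use from Git Bash (paths are examples):
#   src=$(git config --get http.sslCAInfo)
#   merge_ca_bundle "$HOME/av-root.cer" "$src" "$HOME/git-ca-bundle.crt"
#   git config --global http.https://github.com/.sslCAInfo "$HOME/git-ca-bundle.crt"
```

Setting the bundle under `http.https://github.com/.sslCAInfo` limits the extra root to that one host instead of every HTTPS remote.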