Git clone use gitlab self-signed CA throws error: requested domain name does not match the server's certificate

Question

As I have already known by some people's suggest, diable http.sslVerify is a bad idea, and according to some post, the best practice is to add the gitlab server CA to local, so I tried it in different ways:

Add the CA file path to git config

git config --global http.sslCAInfo /home/yp/git-certs/rd.crt
git clone https://10.xx.xx.xx/xxDepart/xxProject.git

Directly git clone with CA file path carried:

GIT_SSL_CAINFO=/home/yp/git-certs/rd.crt git clone https://10.xx.xx.xx/xxDepart/xxProject.git

But both ways give me the same error: Unable to communicate securely with peer: requested domain name does not match the server's certificate. I think it's maybe a gitlab server issue or CA problem instead of a local git configuration error. Does anyone met this kinds of issue before, and can share the solution? I am using an CentOS7.6 server and git version is 2.8

score 2 · Accepted Answer · answered Jun 12 '21 at 05:32

Try and display the SAN (Subject Alternative Name) of your certificate

openssl x509 -text -noout -in cert.pem \
        -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

If it does not include your IP address, the certificate won't be considered valid.

Git clone use gitlab self-signed CA throws error: requested domain name does not match the server's certificate

1 Answers1