
I use git, with GitLab, all worked fine, until several days ago I started to get the SSL certificate problem error:

```
PS C:\proj> git clone https://git.company.com/dev/myproject.git
Cloning into 'myproject'...
fatal: unable to access 'https://git.company.com/dev/myproject.git/': 
       SSL certificate problem: unable to get local issuer certificate
```

As I understand it, deactivating SSL verification is a security problem, so I would not like a solution that sets http.sslverify to false.

The problem is similar to this one. The solution found there is to set http.sslCAInfo to "C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt", a solution that didn't work for me.

Could someone explain in simple words:

  • what is that .crt certificate (I suppose it is for the secure handshake between local and distant git servers?),
  • how to correctly obtain that certificate
  • where to keep it on the dev machine
  • how to configure git to use it
  • what is the difference between SSH and SSL in this case.

PS. Following the VonC answer I get the proposed version output


serge

1 Answer

You need to get the certificate chain (intermediate and root CA) for your company site.

In a git bash session, as in here:

```
echo | openssl s_client -connect git.company.com:443 -servername git.company.com -showcerts | openssl crl2pkcs7 -nocrl | openssl pkcs7 -noout -print_certs
```

From there, you need to:

  • save those in a file.crt
  • reference that file in your global git config

That is:

```
git config --global http."https://*.company.com/".sslcainfo "C:\path\to\file.crt"
```
VonC
  • please see the updated OP, I added a capture with the output – serge Nov 18 '22 at 16:01
  • @Putin-TheHero A self-signed certificate then. Try and [get said certificate directly through Chrome](https://stackoverflow.com/a/44726189/6309). – VonC Nov 18 '22 at 19:30
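The "save those in a file.crt" step from the answer, as an added example for a Git Bash session (not code from the original answer): it keeps only the PEM blocks from the `s_client -showcerts` output, handles the single-certificate case raised in the comments, and lists what ended up in the bundle. The helper names are hypothetical; `git.company.com` and `file.crt` are the page's placeholders.

```shell
# Added example. Helper names are hypothetical; git.company.com and file.crt
# are the placeholders used on this page.

# Print the Nth and later PEM certificates found on stdin, dropping the
# handshake text that `openssl s_client -showcerts` prints around them.
pem_from() {
  awk -v first="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
    inside && n >= first          { print }
    /-----END CERTIFICATE-----/   { inside = 0 }
  '
}

# Number of PEM certificates in a file (prints 0 when there are none).
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Turn saved s_client output ($1) into a CA bundle ($2).
# Certificate 1 is the server's own leaf. When more follow, keep only those
# (the issuing CAs). When the server sent a single certificate, as in the
# self-signed case from the comments, that certificate is the only
# candidate trust anchor, so keep it.
build_ca_bundle() {
  if [ "$(count_certs "$1")" -gt 1 ]; then
    pem_from 2 < "$1" > "$2"
  else
    pem_from 1 < "$1" > "$2"
  fi
  [ "$(count_certs "$2")" -gt 0 ]   # fail when nothing was extracted
}

# Fetch the chain, build the bundle, list subject/issuer of its contents.
fetch_ca_bundle() {
  host=$1; out=$2; raw=$(mktemp)
  openssl s_client -connect "$host:443" -servername "$host" -showcerts \
    </dev/null >"$raw" 2>/dev/null || true
  build_ca_bundle "$raw" "$out" ||
    { rm -f "$raw"; echo "no certificate received from $host" >&2; return 1; }
  rm -f "$raw"
  openssl crl2pkcs7 -nocrl -certfile "$out" | openssl pkcs7 -noout -print_certs
}

# Usage:
#   fetch_ca_bundle git.company.com file.crt
#   git config --global http."https://git.company.com/".sslCAInfo "C:\path\to\file.crt"
```

The certificates are fetched over the same connection git could not verify, so confirm the listed subjects and issuers with whoever runs the company CA before running the `git config` line.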