412

I have to use a git server without proper certificates, but I don't want to have to do

env GIT_SSL_NO_VERIFY=true git command

every single time I do a git operation. But I would also like to leave SSL enabled for other git repositories. Is there a way to make this local to a single repo?

Charles Randall
  • 6,920
  • 12
  • 33
  • 38
  • 6
    Related: [How can I make git accept a self signed certificate?](https://stackoverflow.com/q/11621768/3357935) – Stevoisiak Sep 27 '17 at 16:32
  • http://www.f15ijp.com/2012/08/git-ssl-certificate-problem-how-to-turn-off-ssl-validation-for-a-repo/ one of the best solutions i found – vikas etagi Mar 22 '20 at 14:06
  • This is an awesome question because I didn't even know you could prepend this environment variable before the git command and have it bypass the expired certificate error. – Frak Aug 16 '22 at 15:21

12 Answers12

799

You can do

git config http.sslVerify "false"

in your specific repo to disable SSL certificate checking for that repo only.

This won't work with git clone, since you don't yet have the local git repo to be able to set the flag in yet. Therefore in that case:

git -c http.sslVerify=false clone <path>
cd <directory>
git config http.sslVerify "false"
jcwenger
  • 11,383
  • 1
  • 53
  • 65
Joachim Isaksson
  • 176,943
  • 25
  • 281
  • 294
  • 103
    git config --global http.sslVerify "false" – sgohl Jul 26 '17 at 12:48
  • 67
    The --global should NOT be used because the OP has specifically requested that he only wants it for specific repos. – Kannan Ekanath Sep 06 '17 at 09:29
  • 20
    Note: Seems the `--global` option IS needed when a repo is NOT yet checked out (can't set options for a repo that doesn't exist yet locally). One can always turn it back on after. – James Wilkins Nov 29 '17 at 18:58
  • 5
    I rollbacked the edit, since the question specifically didn't ask for this plus it is a bad idea to disable this globally for security reasons. – Étienne Aug 29 '18 at 14:23
  • 2
    I rollbacked the edit again, for the same reasons as above. This question is about a specific repo. If you want an answer for all repos, that should be a separate question. – Calimo Mar 26 '19 at 15:01
  • 1
    For everyone being pedantic about "this should not be set globally", try setting this without checking out anything. The first repo you are trying to clone has an invalid certificate. That will be **fun**. The proper steps to follow should be 1) set this globally, 2) clone the repo, 3) set this locally, 4) clear flag globally. – Tanveer Badar Jul 02 '19 at 09:47
  • @ÉtienneReinstateMonica But we are talking about SSL certificate verification. Different from SSH. – Tanveer Badar Dec 17 '19 at 15:52
  • 27
    @TanveerBadar This is the proper way to clone a repository with SSL disabled, there is no need to disable SSL globally: "git -c http.sslVerify=false clone https://example.com/path/to/git" from https://stackoverflow.com/a/11622001/1710392 – Étienne Dec 17 '19 at 16:00
  • While that command sets this once the repo has already been cloned locally. If you are going to be cloning a repo, you can configure settings per remote URL which worked for a scenario I recently ran into. See: https://stackoverflow.com/a/45351045/128984 – Sir CodesALot Feb 25 '20 at 15:55
  • @Étienne that's the proper way I was looking for, for initial clone, thanks! – Pac0 Jul 16 '20 at 22:23
  • A far better approach is to tell git to trust that self-signed cert. That's not what the title asks, but it's what the body of his request reveals that he wants.[https://stackoverflow.com/a/26785963/3777824](https://stackoverflow.com/a/26785963/3777824). Do that globally and it fixes the issue for all repos for that whole server in one shot without disabling cert checks. – LinuxDisciple Aug 27 '20 at 22:52
  • I am facing authentication failed issue after disabling SSL – Priyam May 12 '21 at 07:50
  • What about doing `git config http.sslVerify "false"` before cloning a repo, i.e. when the git repo does not exist yet? – andreagalle Dec 22 '21 at 10:40
  • @andreagalle answer is in the second part. – Nikhil S Aug 10 '22 at 16:02
222

You can do as follows

For a single repo

git config http.sslVerify false

For all repo

git config --global http.sslVerify false
Community
  • 1
  • 1
Thirumalai murugan
  • 5,698
  • 8
  • 32
  • 54
  • 7
    This will disable SSL verification for all repositories. The original question was about making it local to a single repository. – Gwynne Raskind Dec 20 '13 at 22:29
  • 5
    Why in the world you are using sudo at all? local repository doesn't need it, and user configuration is in $HOME (whatever that is on your system) so it doesn't need sudo either. – mcepl Jul 30 '15 at 08:25
  • @ParthianShot if they are not the admin user how they can use this with out sudo? – Thirumalai murugan Feb 05 '16 at 08:40
  • 1
    @Thirumalaimurugan Are you serious right now? `sudo` should only be used when you actually need *root* to do something. Like installing new software, modifying important system files, reformatting drives, reconfiguring the network, managing services... There was nothing in this guy's question to imply that he needed root to do anything. If you're an administrator, you should be running most of your commands- including those commands which change your configuration- without sudo most of the time. – Parthian Shot Feb 05 '16 at 14:50
  • @ParthianShot cool im not serious, the above question and your answer will be useful for me as well as other users who have the same doubt, I have one more doubt also im not the administrator user, I tried the above code with out sudo but that does not worked for me with out sudo, so that im asking you in that case what should I do, if I should not use the sudo? – Thirumalai murugan Feb 07 '16 at 10:47
  • Are you using `--system` by default ? Otherwise as others have said, you should not use `sudo` – malat May 25 '16 at 10:20
  • 2
    @HolaSoyEduFelizNavidad, When the OP said "for all repo," the OP meant "all repos for this user," not "all repos on the computer." – vy32 Aug 03 '18 at 14:30
119

Like what Thirumalai said, but inside of the cloned repository and without --global. I.e.,

  1. GIT_SSL_NO_VERIFY=true git clone https://url
  2. cd <directory-of-the-clone>
  3. git config http.sslVerify false
mcepl
  • 2,688
  • 1
  • 23
  • 38
  • Good solution for cases when you `could not lock global config file .gitconfig: Permission denied` – gorodezkiy Jul 29 '15 at 23:03
  • 1
    If you have Permission denied on .gitconfig there is something seriously ske*ed with your system. Your $HOME should be available to you (which is where .gitconfig should be, shouldn't it?). – mcepl Jul 30 '15 at 08:27
  • This is not actually my server. But thank you anyways. And I removed path from error message, actually on that server git is trying to access .gitconfig somewhere in `/var/www/...` – gorodezkiy Jul 30 '15 at 19:36
  • This answer also has some great explanations on the options. https://stackoverflow.com/a/11622001 – dragon788 Jun 27 '17 at 19:09
  • 4
    export GIT_SSL_NO_VERIFY=true – ETech Oct 05 '17 at 13:32
  • 1
    @ETech you don't want to do that: this makes all your git actions everywhere ignoring SSL (otherwise, using ``--global`` would be just fine). My solution is limited just to one repository. – mcepl Oct 06 '17 at 09:23
25

If you have to disable SSL checks for one git server hosting several repositories, you can run :

git config --bool --add http.https://my.bad.server.sslverify false

This will add it to your user's configuration.

Command to check:

git config --bool --get-urlmatch http.sslverify https://my.bad.server

(If you still use git < v1.8.5, run git config --global http.https://my.bad.server.sslVerify false)

Explanation from the documentation where the command is at the end, show the .gitconfig content looking like:

[http "https://my.bad.server"]
        sslVerify = false

It will ignore any certificate checks for this server, whatever the repository.

You also have some explanation in the code

Mat M
  • 1,786
  • 24
  • 30
24

In particular if you need recursive clone

GIT_SSL_NO_VERIFY=true git clone --recursive https://github.com/xx/xx.git
Jérémie B
  • 10,611
  • 1
  • 26
  • 43
user5958256
  • 249
  • 2
  • 3
18

If you are on a Windows machine and have the Git installed, you can try the below steps:

  1. Go to the folder of Git installation, ex: C:\Program Files (x86)\Git\etc
  2. Edit the file: gitconfig

  3. Under the [http] section, add the line: sslVerify = false

    [http]
  sslVerify = false
rubo77
  • 19,527
  • 31
  • 134
  • 226
shasi kanth
  • 6,987
  • 24
  • 106
  • 158
  • 1
    this also doesn't meet the question above where he says he doesn't want to affect other repos. – bryanmac Feb 04 '15 at 23:19
  • and It is really helpful when you can't run git commands! (i.g. having sourcetree on a windows virtual machine and placing the src folder in a UNC path in which built-in sorcetree terminal can't recognise! – AllOutOfSalt Oct 03 '15 at 15:44
  • For TortoiseGit users, you can edit this section into the local config file by doing a context-specific Settings update and selecting the option to edit local only – Steve Townsend Aug 07 '16 at 14:11
13

One more point ,apart from

git config --global http.sslVerify false

just setting the SSL verification to false ,you also have to have the key to clone the repository. something like this

git clone https://5edwerwe32434lcvghjjextracgecj@github.com/myorg/MYpro.git"

5edwerwe32434lcvghjjextracgecj is the token generated from github under settings/ Developer settings/

Hameed Syed
  • 3,939
  • 2
  • 21
  • 31
  • Works for me. On Windows OS. cmd as Administrator ` git config --system http.sslVerify false git config --global http.sslVerify false ` – GSD.Aaz May 16 '22 at 10:06
11

This question keeps coming up and I did not find a satisfying result yet, so here is what worked for me (based on a previous answer https://stackoverflow.com/a/52706362/1806760, which is not working):

My server is https://gitlab.dev with a self-signed certificate.

First run git config --system --edit (from an elevated command prompt, change --system to --global if you want to do it for just your user), then insert the following snippet after any previous [http] sections:

[http "https://gitlab.dev"]
        sslVerify = false

Then check if you did everything correctly:

> git config --type=bool --get-urlmatch http.sslVerify https://gitlab.dev
false
mrexodia
  • 648
  • 12
  • 20
8

There is an easy way of configuring GIT to handle your server the right way. Just add an specific http section for your git server and specify which certificate (Base64 encoded) to trust:

~/.gitconfig

[http "https://repo.your-server.com"]
# windows path use double back slashes
#  sslCaInfo = C:\\Users\\<user>\\repo.your-server.com.cer
# unix path to certificate (Base64 encoded)
sslCaInfo = /home/<user>/repo.your-server.com.cer

This way you will have no more SSL errors and validate the (usually) self-signed certificate. This is the best way to go, as it protects you from man-in-the-middle attacks. When you just disable ssl verification you are vulnerable to these kind of attacks.

https://git-scm.com/docs/git-config#git-config-httplturlgt

Matthias B
  • 5,523
  • 3
  • 45
  • 47
5

This works for me:

git init
git config --global http.sslVerify false
git clone https://myurl/myrepo.git
tedi
  • 6,350
  • 5
  • 52
  • 67
1

On Linux, if you call this inside the git repository folder:

git config http.sslVerify false

this will add sslVerify = false in the [http] section of the config file in the .git folder, which can also be the solution, if you want to add this manually with nano .git/config:

...
[http]
  sslVerify = false
rubo77
  • 19,527
  • 31
  • 134
  • 226
-1

for windows, if you want global config, then run

git config --global http.sslVerify false
176coding
  • 2,933
  • 4
  • 17
  • 18