Git SSL Certificate Problem Caused By Self Signed Certificates


Category : How-to


It’s never been easier to set up your own Git server to host your own git repositories for your projects. Thanks to people like the folks over at GitLab you can be up and running in no time at all.

If you host something like this yourself, you’ll probably have entered the world of self signed certificates. These are SSL certificates that have not been signed by a known and trusted certificate authority. There is no security concern using a self signed certificate; the level of security will be similar to a paid for certificate. The problem is that your computer won’t know that it can trust the certificate. You may have seen this error in a web browser, such as Chrome:

[Image: Chrome SSL warning]

With Git, however, you’ll get an error from the git command line tool similar to the below:

The preferred method of dealing with this error is to add the Certificate Authority’s signing certificate as a trusted Certificate Authority on your computer. The way to do this differs depending on your OS and is out of scope for this post.

There are two Git specific methods of forcing Git to accept the self signed certificates, which don’t require you to import the CA certificate to your computer’s trusted CA store:

Turn off Git SSL Verification

You can stop the Git client from verifying your server’s certificate and have it trust all SSL certificates you use with the Git client. This has its own security risks, as you would not be warned if there was a valid problem with the server you are trying to connect to.

That said, it’s the quickest and easiest fix for a non trusted server certificate. Simply run the below git command on your Git client.

Tell Git Where Your Certificate Authority Certificates Are

Another option is to point your Git client towards a folder that contains the Certificate Authority certificate that was used to sign your Git server’s SSL certificate. You may not have one of these if you’re using Self Signed certificates.

Save the CA certificate to a folder on your Git client and run the following git command to tell your Git client to use it when connecting to the server:
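
The two approaches above, as an added example that is not part of the original post: a script that finds where certificate verification has been switched off in a Git config file (`http.sslVerify`) and replaces the bypass with trust in one CA file for one server. It uses `http.<url>.sslCAInfo`, the single-file counterpart of the folder setting; the function names, host names and CA path are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. The config contents, host names and CA path are constructed.

# List every key in Git config file $1 that disables certificate checks.
# --bool normalises false/no/off/0 to "false"; a key may be global
# (http.sslverify) or scoped to one URL (http.<url>.sslverify).
find_ssl_verify_off() {
    git config --file "$1" --bool --get-regexp '^http\.(.*\.)?sslverify$' \
        2>/dev/null | awk '$NF == "false" { print $1 }'
}

# In config file $1, remove the global bypass and any bypass for server
# URL $2, then trust CA file $3 for that server only.
pin_ca_for_host() {
    pin_cfg=$1 pin_url=$2 pin_ca=$3
    git config --file "$pin_cfg" --unset-all http.sslVerify 2>/dev/null || true
    git config --file "$pin_cfg" --unset-all "http.$pin_url.sslVerify" \
        2>/dev/null || true
    git config --file "$pin_cfg" "http.$pin_url.sslCAInfo" "$pin_ca"
}

demo() {
    demo_cfg=$(mktemp)
    # Constructed sample: verification off globally and for one old host.
    cat > "$demo_cfg" <<'EOF'
[http]
    sslVerify = false
[http "https://old.example.internal/"]
    sslVerify = no
EOF
    echo "Bypasses before:"; find_ssl_verify_off "$demo_cfg"
    pin_ca_for_host "$demo_cfg" "https://git.example.internal/" \
        "/etc/ssl/private-ca/ca.crt"
    # The bypass for the other host is still reported and needs its own fix.
    echo "Bypasses after:";  find_ssl_verify_off "$demo_cfg"
    echo "Resulting config:"; git config --file "$demo_cfg" --list
    rm -f "$demo_cfg"
}
demo
```

Point the two functions at `~/.gitconfig` or a repository’s `.git/config` to check a real client; an empty result from `find_ssl_verify_off` means no bypass is set in that file.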

 


8 Comments

tino

29-Jul-2015 at 3:33 pm

another option is:

cp YOURCA.crt /usr/share/ca-certificates/
and run:
dpkg-reconfigure ca-certificates

Select “Trust” and choose your CA from the list and give OK.
The interesting thing is that the whole system accepts the CA certificate, from now on.

Regards.

    james.coyle

    29-Jul-2015 at 4:19 pm

    That’s correct – and of course Linux only. For Windows, you’d have to add it by double clicking it, choosing ‘Install Certificate’ and installing it to ‘Trusted Root Certification Authorities’.

tino

30-Jul-2015 at 1:01 pm

:)

Thank you very much for your interest to get involved in all your articles. They’ve been very helpful.

Hug!

Artiom

29-Jul-2016 at 4:36 pm

lots thanks!

Amitkumar

3-Apr-2017 at 12:05 pm

git config --system http.sslCAPath \git\certificates
error: could not lock config file C:\Program Files\Git\mingw64/etc/gitconfig: Permission denied
error: could not lock config file C:\Program Files\Git\mingw64/etc/gitconfig: Invalid argument

Amitkumar

3-Apr-2017 at 12:06 pm

git config --system http.sslCAPath \git\certificates
error: could not lock config file C:\Program Files\Git\mingw64/etc/gitconfig: Permission denied
error: could not lock config file C:\Program Files\Git\mingw64/etc/gitconfig: Invalid argument

Please let us know what I do?

MaikoID

29-Aug-2017 at 6:17 pm

Hi, thanks for the info but I cannot make it work.

I’m googling for a long time about this problem without success and I’m beginning to lose hope.
At my company I got a self-signed proxy. Each computer has to install its certificate. It works with the Firefox where I have to manually import to it.

But I can get it to work with git. This is what I have done:
$ cp PCAcert.crt /usr/share/ca-certificates/extra/
$ sudo dpkg-reconfigure ca-certificates
$ ls /etc/ssl/certs/PCAcert.pem

so far so good but git gives this error:
$ git clone --depth 1 https://github.com/junegunn/vim-plug.git plug
Cloning into ‘plug’…
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 16 (delta 0), reused 6 (delta 0), pack-reused 0
Unpacking objects: 100% (16/16), done.
error: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.

Could anyone help me with this issue?

MaikoID

29-Aug-2017 at 6:18 pm

git config --list
http.sslcapath=/etc/ssl/certs/
http.postbuffer=524288000
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://MaikoID@bitbucket.org/MaikoID/vim.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
