Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

git unable to find certificate in keychain after updating to macOS Sierra

After upgrading to macOS 10.12 Sierra I'm unable to sync with my encrypted SSL git server. The certificate still works fine while accessing the server through Safari.

I get this message when trying to push to the server:

fatal: unable to access 'https://....': SSL: Can't find the certificate "...." and its private key in the Keychain.

The certificate is there in the keychain, and the name is correct (it worked before the update), but somehow I can't access it.

My ~/.gitconfig file still consists of this:

[http "https://...."]
    sslCert = ....
[credential]
    helper = osxkeychain

Have anyone else bumped into this problem so far?

like image 808
jonasberglund Avatar asked Sep 22 '16 07:09

jonasberglund


2 Answers

It looks like the git-credential-osxkeychain helper application is broken on macOS sierra and will not retrieve any more a user certificate that is returned with security find-identities

The only workaround I found is to

  • export the certificate and key from keychain to my_certificate.p12
  • edit .git/config for the affected account to use

    [http]
      sslCert = /Users/foo/certificates/my_certificate.p12
      sslcertpasswordprotected = true
    

Note: You'll need a password on the P12 and have to enter the password for the p12 every time you do a git command.

P.S: RADAR://28461462

like image 199
Thomas Engelmeier Avatar answered Sep 20 '22 06:09

Thomas Engelmeier


If you want to use a crt and keyfile

[http]
    sslVerify = false
    sslCert = my.crt
    sslKey = my.key

you need to install curl and git with openssl support

brew install openssl
brew install curl --with-openssl
brew install git --with-brewed-openssl --with-brewed-curl

That's worked for me as expected

like image 33
trollr Avatar answered Sep 21 '22 06:09

trollr