Menu
I just created a github account and a repository therein, but when trying to create a local working copy using the recommende url via
git clone https://github.com/<user>/<project>.git I get an error like
fatal: unable to access 'https://github.com/<user>/<project>.git': server certificate verification failed. CAfile: /home/<user>/.ssl/trusted.pem CRLfile: none
I'm on Debian Jessie, and I would have expected both Debian and GitHub to provide / rely on a selection of commonly accepted CAs, but apparently my system doesn't trust GibHub's certificate.
Any simple way to fix this (without the frequently recommended "GIT_SSL_NO_VERIFY=true" hack and similar work-arounds)?
EDIT:
Additional information:
When removing ~/.ssl/trusted.pem, the git error message changes to
fatal: unable to access 'https://github.com/tcrass/scans2jpg.git/': Problem with the SSL CA cert (path? access rights?) EDIT:
@VonC's advice regarding the git https.sslCAinfo option put me on the right track -- I just added the downloaded cacert.org CAs to my trusted.pem, and now git doesn't complain anymore.
549
In order to resolve this problem, you can: Get a Valid Server Certificate installed on the web server. Accept the certificate programmatically. Install the public key of the server certificate issuing authority in the trusted CA store of the client machine.
ca. crt is the CA's public certificate file. Users, servers, and clients will use this certificate to verify that they are part of the same web of trust. Every user and server that uses your CA will need to have a copy of this file.
You can also disable SSL verification, (if the project does not require a high level of security other than login/password) by typing :
git config --global http.sslverify false
enjoy git :)
121
Make sure first that you have certificates installed on your Debian in /etc/ssl/certs.
If not, reinstall them:
sudo apt-get install --reinstall ca-certificates Since that package does not include root certificates, add:
sudo mkdir /usr/local/share/ca-certificates/cacert.org sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt sudo update-ca-certificates Make sure your git does reference those CA:
git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt Jason C mentions another potential cause (in the comments):
It was the clock. The NTP server was down, the system clock wasn't set properly, I didn't notice or think to check initially, and the incorrect time was causing verification to fail.
Certificates are time sensitive.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
