Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I configure Git to trust certificates from the Windows Certificate Store?

Currently I have the following entry in my .gitconfig in my user directory.

... [http]     sslCAInfo=C:\\Users\\julian.lettner\\.ssh\\git-test.pem ... 

This sets the certificate to use when interacting with the git server (required by my company's git server).

But now I cannot clone other repositories (for example a public repository on GitHub), because the client always uses the configured certificate which gets rejected by other servers.

How can I circumvent this certification issue? Can I configure Git to use the Windows Certificate Store to authenticate?

like image 561
Julian Lettner Avatar asked May 21 '13 11:05

Julian Lettner


People also ask

Where are git Certs stored?

In RHEL/CentOS, the Linux certificates used by git and other tools are stored in the /etc/pki/tls/certs/ca- bundle.

How do I get a certificate from the Windows Store?

To view certificates for the current userSelect Run from the Start menu, and then enter certmgr. msc. The Certificate Manager tool for the current user appears.


2 Answers

Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism.

From the Git for Windows 2.14 release notes:

It is now possible to switch between Secure Channel and OpenSSL for Git's HTTPS transport by setting the http.sslBackend config variable to "openssl" or "schannel"; This is now also the method used by the installer (rather than copying libcurl-4.dll files around).

You can choose the new SChannel mechanism during the installation of Git for Windows 2.14. You can also update an existing installation to use SChannel by running:

git config --global http.sslBackend schannel 

Once you have configured this, Git will use the Windows certificate store and should not require (and, in fact, should ignore) the http.sslCAInfo configuration setting.

like image 171
Edward Thomson Avatar answered Sep 22 '22 22:09

Edward Thomson


Use:

git config  --local ... 

To specify per-repository settings. Local settings are stored in the .git directory.

An overview of the three locations where git can store settings:

  • --local: Repository specific, <repo_dir>/.git/config
  • --global: User-specific, ~/.gitconfig
  • --system: System default, /etc/gitconfig

More specific ones override more general settings, i.e. local overrides both global and system.

like image 28
Andomar Avatar answered Sep 22 '22 22:09

Andomar