
How to add an enterprise certificate authority (CA) to git on cygwin (and some linux distros)

When fetching with git on Cygwin you get:

Fetching origin
fatal: unable to access 'https://.../...git': SSL certificate problem: self signed certificate in certificate chain
error: Could not fetch origin

The certificate was added to /etc/ssl/certs/ca-bundle.crt and other bundle files, but on the next Cygwin update the problem reappeared.

Jason Pyeron asked Oct 27 '14 14:10



1 Answer

git-remote-https will read the following files for CA certificates:

/etc/ssl/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

If you edit these files, they will be overwritten each time the Cygwin setup is run and there is an update for the ca-certificates package.

The correct/proper solution is to add the certificate to the pick up directory and run the pickup script, update-ca-trust:

curl -sL http://ca.pdinc.us  > /etc/pki/ca-trust/source/anchors/ca.pdinc.us.pem \
&& update-ca-trust

The post install script for the ca-certificates package will automatically rerun the update-ca-trust script on every upgrade. For more information:

man update-ca-trust
Jason Pyeron answered Sep 18 '22 23:09
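
The one-liner in the answer writes whatever the HTTP URL returns directly into the trust anchors directory. The following is an added example, not part of the original answer, that checks the downloaded file against a SHA-256 fingerprint obtained out of band before staging it; the function names and the /tmp path are assumptions.

```shell
#!/bin/sh
# Added example: pin a downloaded CA certificate to a known fingerprint
# before it becomes a trust anchor. Function names are hypothetical.
ANCHOR_DIR=/etc/pki/ca-trust/source/anchors   # pickup directory from the answer

# Print the SHA-256 fingerprint (lowercase hex) of the one certificate in a
# PEM file. Files with zero or several certificate blocks are refused, so the
# fingerprint covers everything the file would add.
pem_sha256() (
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || true
    [ "$count" = 1 ] || { echo "expected exactly one certificate in $1" >&2; exit 1; }
    # The fingerprint is the hash of the DER bytes, i.e. the decoded base64 body.
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | grep -v -e '-----' | tr -d ' \r\n')
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 \
        || { echo "bad base64 in $1" >&2; exit 1; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
)

# Copy the PEM into the anchor directory only when its fingerprint equals the
# expected one (colons, spaces and letter case are ignored).
stage_anchor() (
    pem=$1; expected=$2; dir=${3:-$ANCHOR_DIR}
    want=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(pem_sha256 "$pem") || exit 1
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $pem: got $got" >&2
        exit 1
    fi
    install -m 0644 "$pem" "$dir/$(basename "$pem")"
)

# Usage, with the fingerprint taken from a trusted channel (placeholder here):
#   curl -sL http://ca.pdinc.us -o /tmp/ca.pdinc.us.pem
#   stage_anchor /tmp/ca.pdinc.us.pem '<expected SHA-256 fingerprint>' && update-ca-trust
```

`openssl x509 -noout -fingerprint -sha256 -in FILE` prints the same digest in colon-separated form, which `stage_anchor` accepts as the expected value.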