When fetching with git on Cygwin you get:
Fetching origin
fatal: unable to access 'https://.../...git': SSL certificate problem: self signed certificate in certificate chain
error: Could not fetch origin
The certificate was added to /etc/ssl/certs/ca-bundle.crt
and other bundle files, but on the next Cygwin update the problem reappeared.
The default location to install certificates is /etc/ssl/certs . This enables multiple services to use the same certificate without overly complicated file permissions. For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.
You will need to obtain a new SSL certificate that has been signed by a valid Root CA. If your certificate does name a Root CA, you will need to find out if it is included in the browser's own list of trusted Root CA's, or obtain a new SSL certificate that has been signed by a valid Root CA that the browser recognises.
git-remote-https
will read the following files for ca certificates:
/etc/ssl/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
If you edit these files, they will be overwritten each time the Cygwin setup is run and there is an update for the ca-certificates package.
The correct/proper solution is to add the certificate to the pick up directory and run the pickup script, update-ca-trust:
curl -sL http://ca.pdinc.us > /etc/pki/ca-trust/source/anchors/ca.pdinc.us.pem \
&& update-ca-trust
The post install script for the ca-certificates package will automatically rerun the update-ca-trust script on every upgrade. For more information:
man update-ca-trust
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With