I want to clone the git repository with the help of TortoiseGit, but I am getting error :
error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://git.assembla.com/pplconnect-PL.webserver.git/info/refs?service=git-upload-pack fatal: HTTP request failed
git did not exit cleanly (exit code 128).
Any help or guidance will be well appreciated.
Prepend GIT_SSL_NO_VERIFY=true before every git command run to skip SSL verification. This is particularly useful if you haven't checked out the repository yet. Run git config http. sslVerify false to disable SSL verification if you're working with a checked out repository already.
When ssl certificate problem unable to get local issuer certificate error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle. crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.
You can choose to ignore the server certificate (at your own risk!).
Configure your TortoiseGit in the following way. First of all open the TortoiseGit settings.
Then:
Edit systemwide gitconfig
"[http]
section write: [http]
sslVerify = false
Configure git to use the right root certificate. Get the root CA certificate of the server and add it to the git config. Run this in command prompt (don't forget to cd into your git repo)
git config http.sslCAinfo ~/certs/cacert.pem
You can choose to ignore the server certificate (at your own risk!).
git config http.sslVerify false
Security Warning: This is susceptible to Man in the Middle attacks. Be sure that this security concern is not an issue for you before you disable SSL certification verification.
All the top answers are really dangerous! Do not disable SSL verification globally!
Instead, use the excellent answer in another thread and very selectively allow a self-signed certificate for a specific site.
Edit the global .gitconfig
file to include
[http "https://example.com"]
sslCAInfo = C:\\Users\\<username>\\Documents\\ssl\\example.com.crt
The CRT file itself can be obtained in multiple ways. You can just save it using Firefox, store it somewhere safe and point your config to it.
The correct solution is simple: Tell Git to use the Windows certificate store. This is supported by git version >=2.14 (not sure what Tortoise version that relates to)
To configure via the command line:
C:\Program Files\git\bin
git config --global http.sslBackend schannel
Or, from the TortoiseGit interface:
[http]
section in the file, add that line.sslBackend = schannel
to the [http]
section, so it should look like:
[http]
sslBackend = schannel
Install your self signed certificate chains in the Windows Certificate Store as normal.
Even though disabling ssl verifyication is considered dangerous for many reasons, sometimes this is feasible. Others have pointed out to use at least a "local" disabling, but not how to do this. For the record, here is how you can define in the global .gitconfig
file (in Windows located under c:\Users\username
) for a single repository to use openssl and disable the check. Just add the following (adjusted) lines:
[http "https://your.repo.com"]
sslBackend = openssl
sslVerify = false
For me this worked perfect. As noted and linked in the answer from FRob, here is a more nuanced option that uses the pem certificate that you can often download yourself, e.g. when "clicking" on the lock symbol in your browser before the url and searching for "additional information" (firefox, others should be similar).
Please check that your Git for Windows installation is correct.
As you can see in the screenshot git.exe cannot find the template directory - so I suppose git.exe also cannot find the shipped CA certificates.
If that doesn't help, see a description here for including a certificate into the Git trust store.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With