Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate

Question

I'm new to interact with Git and I'm trying to combine it with TFS infrastructure, but experiencing SSL authentication problems. No Github, no VSTS. TFS is on-premises, therefore local installation.

Server part:

I've installed TFS 2018 on Windows Server 2016 and create a corporate self signed certificate and bind the TFS web service (IIS manager) on that certificate.

TFS is configured to run only through HTTPS. HTTP is redirected to HTTPS. I've setup a new Project with Git as versioning system.

Client part:

I have two kind of Windows clients. Windows 7 SP1 and 10 Anniversary Update, both of them with Visual Studio 2017 Enterprise.

I installed the certificate (as Trusted Root Certification Authorities) and connecting through browser I have no whatsoever to see the project informations. No browser raise any kind of alerts regarding authenticity of certicate. Then, I installed Git-2.15.1.2-64-bit.exe, using Windows Secure Channel Library.

I followed this guide to configure Git clients, because I was getting title fatal error. So basically I extracted content of self-signed and appended to ca-bundle.crt file. All of them:

• C:/Program Files/Git/mingw64/ssl/certs/
• C:\users\myname (created as a global one just like guide says)
• C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\ssl\certs (this is created by Visual Studio 2017 installation)

When I use through Powershell "git config --list --show-origin" command, I see listed: file:"C:\Program Files\Git\mingw64/etc/gifconfig" http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt file:"C:/users/myname/.gifconfig" http.sslcainfo=C:/users/myname/ca-bundle.crt

If I try to clone repository from VS2017 Team Explorer panel it keeps saying: "Git failed with a fatal error. fatal: unable to access 'https://tfs.blahblah/': SSL certificate problem: unable to get local issuer certificate"

But when I use Git GUI it answers with a different error: fatal: Couldn't find remote ref HEAD As far as I know it looks reasonable because there is no commit attached.

But I can't commit anything if I can't "pair" with Visual Studio 2017.

I read through several links, but I couldn't get it through. So before mark it as duplicated, I ask you to PLEASE pay attention to my specific system/environment requirements.

Note: and please don't suggest me to switch off SSL because as already talked it is NOT a solution in corporate/enterprise environments

Answer 1

Here what I did to fix my issue:

In Git Settings, Global Settings in Team Explorer, there is an option to choose between OpenSSL and Secure Channel.

Starting with Visual Studio 2017 (version 15.7 preview 3) use of SChannel in Git Global settings fixed my issue.