Login/Register
Unable to resolve "unable to get local issuer certificate" using git on Windows with self-signed certificate
Asked Answered
Solved windowsgitcurlssl-certificatemsysgit
A

35

686

I am using Git on Windows. I installed the msysGit package. My test repository has a self signed certificate at the server. I can access and use the repository using HTTP without problems. Moving to HTTPS gives the error:

SSL Certificate problem: unable to get local issuer certificate.

I have the self signed certificate installed in the Trusted Root Certification Authorities of my Windows 7 - client machine. I can browse to the HTTPS repository URL in Internet Explorer with no error messages.

This blog post by Philip Kelley explained that cURL does not use the client machine's certificate store. I followed the blog post's advice to create a private copy of curl-ca-bundle.crt and configure Git to use it. I am sure Git is using my copy. If I rename the copy; Git complains the file is missing.

I pasted in my certificate, as mentioned in the blog post, I still get the message "unable to get local issuer certificate".

I verified that Git was still working by cloning a GitHub Repository via HTTPS.

The only thing I see that's different to the blog post is that my certificate is the root - there is no chain to reach it. My certificate originally came from clicking the IIS8 IIS Manager link 'Create Self Signed Certificate'. Maybe that makes a certificate different in some way to what cURL expects.

How can I get Git/cURL to accept the self signed certificate?

Acinus answered 27/5, 2014 at 9:15 Comment(7)
Possible duplicate of configure Git to accept a particular self-signed server certificate for a particular https remoteAuld
Also check whether your local network is permitted to push files to github repository. There may be some firewall or antivirus restriction.Rowland
If anyone faces this error while using Bower, create a .bowerrc file with content { "strict-ssl": false }. Don't thank me, thank this guy: stapp.space/fight-with-2 I've fought with this error for close to 5 hours, straight!!Msg
Might help someone: I am using gitlab and I face this error if I clone via https. But if I use ssh then it works perfectly fine.Frazil
I get the best solution here. #24612140Dissertate
I was getting this error in Azure Pipelines. You can find the solution at this post.Ephraim
For me I was getting this issue when I have installed Git with Homebrew on Linux. After changing Git from Homebrew to apt package, this was fixed.Ellanellard
A
48

An answer to Using makecert for Development SSL fixed this for me.

I do not know why, but the certificate created by the simple 'Create Self Signed Certificate' link in IIS Manager does not do the trick. I followed the approach in the linked question of creating and installing a self-signed CA Root; then using that to issue a Server Authentication Certificate for my server. I installed both of them in IIS.

That gets my situation the same as the blog post referenced in the original question. Once the root certificate was copy/pasted into curl-ca-bundle.crt the git/curl combo were satisfied.

Acinus answered 27/5, 2014 at 15:12 Comment(2)
"I do not know why, but the certificate created by the simple 'Create Self Signed Certificate' link in IIS Manager does not do the trick..." - The best I can tell, it creates malformed certificates. There's lots of rules when creating X.509 certificates; the "do the minimum to make it work" no longer works well. Also see How do you sign Certificate Signing Request with your Certification Authority and How to create a self-signed certificate with openssl?Auld
This worked for me, but I got temporarily hung up on the "I installed both of them in IIS" part. To clairfy for others...the server cert is assigned in IIS, and the root CA needs to be imported to "Trusted Root Certification Authorities” via the Windows cert manager utility (certmgr.msc)Leahy
L
936

The problem is that git by default using the "Linux" crypto backend.

Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx

Just execute:

git config --global http.sslbackend schannel

That should help.

Using schannel is by now the standard setting when installing git for Windows, also it is recommended to not checkout repositories by SSH anmore if possible, as https is easier to configure and less likely to be blocked by a firewall it means less chance of failure.

Linseylinseywoolsey answered 30/10, 2018 at 12:41 Comment(6)
Note however that this solution can make git config --global http.sslCAInfo <my-server-self-signed-cert.pem> fail to work. I configured http.sslCAInfo to use a self-signed certificate for my server, and it's the reason (may not be same as OP) that I encountered "SSL Certificate problem: unable to get local issuer certificate" when I do e.g. a git clone https://github.com/Microsoft/vscode.git. Finally I used the answer from https://mcmap.net/q/47577/-unable-to-resolve-quot-unable-to-get-local-issuer-certificate-quot-using-git-on-windows-with-self-signed-certificate (Ben P.P. Tung) to tune my sslCAInfo config specific to my git server to solve it.Muscat
If you are looking way to include a certificate for on-premise github server into the git certstore, follow this solution.Ephraim
This one worked for me, I'm using VS code, company has some VPN software installed guarding the traffic, this solution resolve my issue. Thanks.Mameluke
After this command I got another error: "... schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted", because Git repository now holds untrusted certificate. Then I used git config --global http.sslVerify false, which is insecure.Educate
THIS but watch out for productivity firewalls that stop the setting actually changing. In Windows especially, run the Git CMD as admin.Kirghiz
In Visual studio go to git settings select Git global settings and change the Cryptographic network provider option to Secure ChannelCountersubject
M
489

Open Git Bash and run the command if you want to completely disable SSL verification.

git config --global http.sslVerify false

Note: This solution opens you to attacks like man-in-the-middle attacks. Therefore turn on verification again as soon as possible:

git config --global http.sslVerify true
Myocarditis answered 2/12, 2015 at 17:23 Comment(12)
This answer defeats the security of SSL by permitting man-in-the-middle attacks. Other answers already explain how to configure git to trust the specific certificate you need.Selectivity
horrible answer indeed, you don't even tell them to turn SSL back on. This is why security vulnerabilities happen.Robbie
If you are using Gitblit then no other option instead of doing sshVerify false.Myocarditis
To disable TLS/SSL verification for a single git command, use the following command: git -c http.sslVerify=false clone https://domain.com/path/to/gitKrak
There are several solutions already provided below, and I have already suggested the cons. So it's up to you that what solutions you are are picking to resolve the issue.Myocarditis
What worked for me was: git clone <addr of repo> --config http.proxy= --config http.sslVerify=falseTruelove
Leave out global to apply the setting per repo for more security.Terefah
To apply this sslVerify=false change, the cmd (or the one you are using) window needs to be restarted.Msg
This can be a workarround, but never a solution. Also, it is better do not bypass all ssl verification. You can use git config --local http.sslVerify false. In this way only one repository is insecureNigrosine
This is always the wrong answer. The point of SSL is security. It is enabled by default for a reason.Macaronic
Agreed this is always a bad idea. It's a band-aid / temporary workaround at best. Especially if on a corporate network, always work through the problem to ensure appropriate security is being used.Wrenn
This is not a wrong or a bad answer. As long as the risks are documented, it's perfectly legit. You use at your own risk. The holier than thou crowd can struggle for the next few hours on this one while the rest of us move on with life.Rigamarole
S
99

I had this issue as well. In my case, I was trying to get a post-receive Git hook to update a working copy on a server with each push. Tried to follow the instructions in the blog you linked to. Didn't work for me as well and overriding the settings on a per-user basis didn't seem to work either.

What I ended up having to do was disable SSL verification (as the article mentions) for Git as a whole. Not the perfect solution, but it'll work until I can figure out a better one.

I edited the Git config text file (with my favorite line-ending neutral app like Notepad++) located at:

C:\Program Files (x86)\Git\etc\gitconfig

In the [http] block, I added an option to disable sslVerify. It looked like this when I was done:

[http]
    sslVerify = false
    sslCAinfo = /bin/curl-ca-bundle.crt

That did the trick.

NOTE:

  • This disables SSL verification and is not recommended as a long term solution.

  • You can disable this per-repository which still isn't great, but localizes the setting.

  • With the advent of LetsEncrypt.org, it is now fairly simple, automated and free to set up SSL as an alternative to self-signed certs and negates the need to turn off sslVerify.

Steamroller answered 6/8, 2014 at 3:33 Comment(6)
This defeats the purpose of SSL.Clinkstone
you can use the command "git config --global http.sslVerify false" to disable SSL verificationPhyliciaphylis
Thanks for pointing the sslCAinfo configuration entry out; but I'm not upvoting the answer since it doesn't make much sense to permanently disable SSL for git system-wide (have you tried to disable it system-wide, then clone, then re-enable it and then disable it in the local git config for the newly cloned repo?).Electrostriction
For a one-off command, there is no need to change config files: git -c http.sslVerify=false clone https://...Wrecker
@Clinkstone Yes, this is something required when you must work with servers managed by admins who do not know what they are doing and you have to access the repos on that server and port 22 is disabled on all connections, even their own servers that that they otherwise cannot secure, apparently.Finedrawn
Better fix here: blogs.msdn.microsoft.com/phkelley/2014/01/20/…Meatman
P
75

kiddailey I think was pretty close, however I would not disable ssl verification but rather rather just supply the local certificate:

In the Git config file

[http]
    sslCAinfo = /bin/curl-ca-bundle.crt

Or via command line:

git config --global http.sslCAinfo /bin/curl-ca-bundle.crt
Pitch answered 3/11, 2014 at 8:36 Comment(6)
On git for windows, this is git config --global http.sslCAinfo /usr/ssl/certs/ca-bundle.crtCryptonymous
Or for me git config --global http.sslCAinfo /c/Program\ Files\ \(x86\)/Git/bin/curl-ca-bundle.crtSectionalism
For users on MacPorts, this is git config --global http.sslCAinfo /opt/local/share/curl/curl-ca-bundle.crtHavre
With Git 2.8 you can use git config --list --show-origin to see where the http.sslCAinfo config is setEdouard
My certificate location on mac is : ~/macports/share/curl/curl-ca-bundle.crtTartary
I would advise against changing the git cert store. Better approach is to find where the git cert store is using the command git config --list --show-scope and later append your certs in that file. Refer this postEphraim
T
65

I faced this issue as well. And finally got resolved by getting guidance from this MSDN Blog.

Update

Actually you need to add the certificate in git's certificates file curl-ca-bundel.cert that resides in Git\bin directory.

Steps

  1. Open your github page in browser, and click over lock icon in address bar.
  2. In the opened little popup up navigate to 'view certificate' link, it will open a popup window.
  3. In which navigate to certificates tab (3rd in my case). Select the top node that is root certificate. And press copy certificate button in the bottom and save the file.
  4. In file explorer navigate Git\bin directory and open curl-ca-bundle.crt in text editor.
  5. Open the exported certificate file (in step 3) in text editor as well.
  6. Copy all of the content from exported certificate to the end of curl-ca-bundle.crt, and save.

Finally check the status. Please note that backup curl-ca-bundle.crt file before editing to remain on safe side.

Teleutospore answered 23/6, 2015 at 17:18 Comment(6)
"navigate Git\bin directory and open curl-ca-bundle.crt" There is not curl-ca-bundle.crt in the git\bin!Monteiro
@AntonK if it doesn't exist, create one yourself in notepad, and rename it with curl-ca-bundle.crt. Other steps remain same.Teleutospore
@AntonK It may be called just ca-bundle.crt and be located in mingw64\ssl\certs or mingw32\ssl\certs.Hedvah
Used this for Atlassian's SourceTree. The bundled GIT installation is in %userprofile%\appdata\local\attlassian\sourcetree\git_local. curl-ca-bundle.crt already existed, appended my base64 encoded exported root cert.Amphictyony
One problem with this answer. When you update git it restores the ca-bundle.crt file to it's original state (i.e. you loose your self signed public cert)Trichinize
Link gives a 403.Appendicitis
A
48

An answer to Using makecert for Development SSL fixed this for me.

I do not know why, but the certificate created by the simple 'Create Self Signed Certificate' link in IIS Manager does not do the trick. I followed the approach in the linked question of creating and installing a self-signed CA Root; then using that to issue a Server Authentication Certificate for my server. I installed both of them in IIS.

That gets my situation the same as the blog post referenced in the original question. Once the root certificate was copy/pasted into curl-ca-bundle.crt the git/curl combo were satisfied.

Acinus answered 27/5, 2014 at 15:12 Comment(2)
"I do not know why, but the certificate created by the simple 'Create Self Signed Certificate' link in IIS Manager does not do the trick..." - The best I can tell, it creates malformed certificates. There's lots of rules when creating X.509 certificates; the "do the minimum to make it work" no longer works well. Also see How do you sign Certificate Signing Request with your Certification Authority and How to create a self-signed certificate with openssl?Auld
This worked for me, but I got temporarily hung up on the "I installed both of them in IIS" part. To clairfy for others...the server cert is assigned in IIS, and the root CA needs to be imported to "Trusted Root Certification Authorities” via the Windows cert manager utility (certmgr.msc)Leahy
J
42

In case of github Repositories (or any none-self-signed certs), choosing below while installing Git-on-windows, resolved the issue.

enter image description here

Jellied answered 15/8, 2017 at 15:1 Comment(6)
You seemed to have answered a different question. The OP's question concerned self-signed certificates on Windows clients.Auld
@Auld the question title is a git error message that's shown even if repo is NOT self-signed SSL!Jellied
This got me passed the error, but for me accessing GitHub Enterprise required some key generation and adding of public/private keys.Loathing
If the self signed certifcate has been put into the windows certificates store by a helpful windows admin via a group policy then this answer is also a good one.Devisee
This solution is MUCH better than fiddling with SSL or manually adding certificates. Easy solution that actually works! (I'm a developer, not a system admin. I don't want to be bothered with certificates and stuff)Wanitawanneeickel
If you want to do this after installation, you can use the following command: git config --global http.sslBackend schannelAppointment
T
36

To avoid disabling ssl verification entirely or duplicating / hacking the bundled CA certificate file used by git, you can export the host's certificate chain into a file, and make git use it:

git config --global http.https://the.host.com/.sslCAInfo c:/users/me/the.host.com.cer

If that does not work, you can disable ssl verification only for the host:

git config --global http.https://the.host.com/.sslVerify false

Note : Subjected to possible man in the middle attacks when ssl verification is turned off.

Toga answered 1/2, 2017 at 22:24 Comment(2)
It may be worth noting that the --global option is not necessary: if you omit --global, the setting only applies to that particular git repo.Rube
How about if its my enterprise github? How do I obtain the root and intermediate CA is .cer format. I could only get .p7b files.Ephraim
G
32

To completely detail out the summary of all the above answers.

Reason

This problem is occuring because git cannot complete the https handshake with the git server were the repository you are trying to access is present.

Solution

Steps to get the certificate from the github server

  1. Open the github you are trying to access in the browser
  2. Press on the lock icon in the address bar > click on 'certificate'
  3. Go to 'Certification Path' tab > select the top most node in the hierarchy of certificates > click on 'view certificate'
  4. Now click on 'Details' and click on 'Copy to File..' > Click 'Next' > Select 'Base 64 encoded X509 (.CER)' > save it to any of your desired path.

Steps to add the certificate to local git certificate store

  1. Now open the certificate you saved in the notepad and copy the content along with --Begin Certificate-- and --end certificate--

  2. To find the path were all the certificates are stored for your git, execute the following command in cmd.

    git config --list

  3. Check for the key 'http.sslcainfo', the corresponding value will be path.

Note: If u can't find the key http.sslcainfo check for Git's default path: C:\Program Files\Git\mingw64\ssl\certs

  1. Now open 'ca-bundle.crt' present in that path.

Note 1 : open this file administrator mode otherwise you will not be able to save it after update. (Tip - you can use Notepad++ for this purpose)

Note 2 : Before modifying this file please keep a backup elsewhere.

  1. Now copy the contents of file mentioned in step 1 to the file in step 4 at end file, like how other certificates are placed in ca-bundle.crt.
  2. Now open a new terminal and now you should be able to perform operations related to the git server using https.
Guadalupeguadeloupe answered 27/10, 2020 at 8:58 Comment(1)
This doesn't seem to work behind corporate firewall situations.Endoskeleton
D
25

I've just had the same issue but using sourcetree on windows Same steps for normal GIT on Windows as well. Following the following steps I was able to solve this issue.

  1. Obtain the server certificate tree This can be done using chrome. Navigate to be server address. Click on the padlock icon and view the certificates. Export all of the certificate chain as base64 encoded files (PEM) format.
  2. Add the certificates to the trust chain of your GIT trust config file Run "git config --list". find the "http.sslcainfo" configuration this shows where the certificate trust file is located. Copy all the certificates into the trust chain file including the "- -BEGIN- -" and the "- -END- -".
  3. Make sure you add the entire certificate Chain to the certificates file

This should solve your issue with the self-signed certificates and using GIT.

I tried using the "http.sslcapath" configuration but this did not work. Also if i did not include the whole chain in the certificates file then this would also fail. If anyone has pointers on these please let me know as the above has to be repeated for a new install.

If this is the system GIT then you can use the options in TOOLS -> options GIt tab to use the system GIT and this then solves the issue in sourcetree as well.

Devisee answered 19/7, 2016 at 13:59 Comment(4)
"if i did not include the whole chain in the certificates file then this would also fail" - I just ran into this problemGilli
As far as including the whole chain, I have two certs above the github cert. Do I include them in order as root->next cert->github cert in the sslcainfo.crt file?Evvoia
I was able to access git repo packages by just adding the root cert.Evvoia
For future readers. No idea if it matters, but I put the "root" (topmost) cert at the END of the (http.sslcainfo) file. And then as I went away from the root cert in the chain, I put that cert above the previous entry of the (http.sslcainfo) file.Entellus
P
20

When using Windows, the problem resides that git by default uses the "Linux" crypto backend. Starting with Git for Windows 2.14, you can configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. To do that, just run the following command in the GIT client:

git config --global http.sslbackend schannel

This means that it will use the Windows certificate storage mechanism and you don't need to explicitly configure the curl CA storage (http.sslCAInfo) mechanism.

Protomorphic answered 30/5, 2022 at 7:47 Comment(3)
worked as a charm!Whirlybird
Yep, this works great.Agnosia
This worked for me.Mckenzie
E
16

I have had this issue before, and solve it using the following config.

[http "https://your.domain"] sslCAInfo=/path/to/your/domain/priviate-certificate

Since git 2.3.1, you can put https://your.domain after http to indicate the following certificate is only for it.

Ensign answered 9/11, 2017 at 7:50 Comment(1)
This is the simpliest & most precise solution I found, if you also configured git config --global http.sslCAInfo <your-server-self-signed-cert.pem> before (Hence causing the "unable to get local issuer certificate" error)Muscat
K
12

Jan 2021 - Got around this in VS2019 by setting Menu > Git > Settings > Git Global Settings > Cryptographic Network Provider > [Secure Channel] instead of [OpenSSL]

Git SSL certificate problem unable to get local issuer certificate (fix)

PS: Didn't need to set --global or --local http.sslVerify false. I was cloning an Azure DevOps repo which wasn't using any self signed certs.. This seems like an issue with either VS2019 or Git for Windows.. They need to fix it !!

Koweit answered 15/1, 2021 at 18:28 Comment(1)
The command line equivalent (for non VS2019 etc) is : git config --global http.sslBackend schannelBerthaberthe
L
11

In my case, as I have installed the ConEmu Terminal for Window 7, it creates the ca-bundle during installation at C:\Program Files\Git\mingw64\ssl\certs.

Thus, I have to run the following commands on terminal to make it work:

$ git config --global http.sslbackend schannel
$ git config --global http.sslcainfo /mingw64/ssl/certs/ca-bundle.crt

Hence, my C:\Program Files\Git\etc\gitconfig contains the following:

[http]
    sslBackend = schannel
    sslCAinfo = /mingw64/ssl/certs/ca-bundle.crt

Also, I chose same option as mentioned here when installing the Git.

Hope that helps!

Leucoplast answered 20/1, 2020 at 16:32 Comment(0)
W
11

I have also recently faced this issue, and you get this issue usually when you are behind some corporate firewall, and then git cannot complete the https handshake with the git repository that you are trying to access. One of the way to solve it, is to use this command:

git config --global http.sslverify false

But as others have said this pretty much disables the ssl verification. The only secure way is to get the SSL certificate and add it locally to your Git folder, specifically in the file ca-bundle.crt.

One way to solve it, is to use the package pcer, to install it you need to do the following:

npm i -g pcer

Then you execute the following:

pcer alias git "C:\Program Files\Git\mingw64\etc\ssl\certs\ca-bundle.crt"

This would make git point to the above path, and then you can fetch the certificate by doing the following:

pcer fetch github.com -l git

Then you can perform git clone and it would work normally. For example:

enter image description here

For more information:

https://www.npmjs.com/package/pcer

https://github.com/PeterHdd/pcer

Note, I'm the owner of this package

Wart answered 17/5, 2023 at 9:46 Comment(0)
C
4

One thing that messed me up was the format of the path (on my Windows PC). I originally had this:

git config --global http.sslCAInfo C:\certs\cacert.pem

But that failed with the "unable to get local issuer certificate" error.

What finally worked was this:

git config --global http.sslCAInfo "C:\\certs\\cacert.pem"
Compare answered 21/2, 2019 at 18:16 Comment(0)
S
4

solved my problem git config --global http.sslBackend schannel

Slemmer answered 26/7, 2021 at 14:22 Comment(0)
C
3
  1. Download certificate from this link: https://github.com/bagder/ca-bundle
  2. Add it to C:\Program Files\Git\bin and C:\Program Files\Git\mingw64\bin

Then try something like: git clone https://github.com/heroku/node-js-getting-started.git

Circumspect answered 6/5, 2017 at 15:44 Comment(0)
C
3

In my case, I had to use different certificates for different git repositories.

Follow steps below (If you have a certificate of your repository, you can read from step 5)

  1. Go to remote repository's site. Ex: github.com, bitbucket.org, tfs.example...

  2. Click Lock icon on the upper left side and click Certificate.

  3. Go to Certification Path tab and double click to .. Root Certificate

  4. Go to Details tab and click Copy to file.

  5. Export/Copy certificate to wherever you want. Ex: C:\certs\example.cer

  6. Open git bash at your local repository folder and type:

    $ git config http.sslCAInfo "C:\certs\example.cer"

Now you can use different certificates for each repository.

Remember, calling with the --global parameter will also change the certificates of git repositories in other folders, so you should not use the --global parameter when executing this command.

Copepod answered 13/10, 2020 at 18:2 Comment(0)
K
3
git config --global http.sslbackend secure-transport

(had to do that after update to Big Sюr)

Koo answered 6/4, 2021 at 10:47 Comment(1)
after updating to Mac Big Sur, we too got SSL certificate problem: unable to get local issuer certificate. This fixed it!Charisecharisma
S
2

To fix the especific error SSL certificate problem: unable to get local issuer certificate in git

I had the same issue with Let's Encrypt certificates .

An web site with https we just to need :

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

but git pull says : 

fatal: unable to access 'https://example.com/git/demo.git/': SSL certificate problem: unable to get local issuer certificate

To fix it, we need also add: 

SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
Shortie answered 20/2, 2020 at 23:30 Comment(0)
T
2

git config --global http.sslVerify false

Tova answered 10/8, 2021 at 16:49 Comment(2)
this worked for me and missing is you need to turn verification as mentioned in the below answersLuigiluigino
Hello, man in the middle... DON'T USE THIS! Please see here: https://mcmap.net/q/47577/-unable-to-resolve-quot-unable-to-get-local-issuer-certificate-quot-using-git-on-windows-with-self-signed-certificate .Kiddush
E
2

Download and install local certificate. Probably it is published at your company site. For instance, *.cer file.

  1. Right click it and select Install Certificate. 'Certificate Inport Wizard' will appear. Select Local Machine. Press Next, confirm.

  2. Select Place all certificates in the following store, press Browse and select Trusted Root Certification Authorities, OK, Finish.

enter image description here

Also you can check if other applications can fetch, pull or push data. For instance, in Android Studio or probably IDEA you should select in Settings this checkbox: Use credential helper.

Educate answered 19/9, 2022 at 7:35 Comment(0)
L
1

I've had the same problem from Azure DevOps (Visual Studio). Finally I've decided to clone my repo using SSH protocol because of i've prefered it instead of disabling SSL verification.

You only need to generate a SSH Key, you can do it so... SSH documentation

ssh-keygen

And then, import your public key on yout git host (like Azure Devops, Github, Bitbucket, Gitlab, etc.)

Larissa answered 13/11, 2020 at 21:21 Comment(0)
E
1

I had this error occur when using visual studio. This occurs when you have the Cryptographic Network provider settings set to OpenSSL in the Visual Studio Options window. When I changed the setting to Secure Channel it solved it for me. This setting must have been set for me when I upgraded my VS.

Eskilstuna answered 26/4, 2021 at 16:51 Comment(0)
C
1

This works for me. I opened cmd line and ran following command. and pulled again.

git config --global http.sslVerify false

Cordova answered 12/7, 2022 at 15:53 Comment(1)
This disables a lot of security. It should be marked as a workaround and it is not specific enough.Accalia
M
1

I got this error when trying to "clone" the project. One work-around is to just use the "download as zip" on the webpage, which, for me, achieved what I wanted to do.

Macaroon answered 18/1, 2023 at 18:0 Comment(0)
D
0

Error

push failed
fatal: unable to access
SSL certificate problem: unable to get local issuer certificate

Reason

After committing files on a local machine, the "push fail" error can occur when the local Git connection parameters are outdated (e.g. HTTP change to HTTPS).

Solution

  1. Open the .git folder in the root of the local directory
  2. Open the config file in a code editor or text editor (VS Code, Notepad, Textpad)
  3. Replace HTTP links inside the file with the latest HTTPS or SSH link available from the web page of the appropriate Git repo (clone button)
    Examples: 
    url = http://git.[host]/[group/project/repo_name]     (actual path)
    replace it with either 
    url = ssh://git@git.[host]:/[group/project/repo_name] (new path SSH)
url = https://git.[host]/[group/project/repo_name]    (new path HTTPS)
Diplomatic answered 26/8, 2020 at 7:25 Comment(0)
M
0

I have resolved the issue by adding below entry in ${HOME}/.gitconfig file

[remote "origin"]

proxy=

In most case it will happen when proxy enabled in your machine so above mentioned entry will fix this problem.

Mcknight answered 7/10, 2021 at 6:37 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.Rhiannonrhianon
O
0

You might have a DNS issue and not a certificate issue, so before you disable SSL verification in your Git shell you should rule out a DNS problem. Cases such as these have been mentioned in Q&A forums such as https-issues-possibly-related-to-dns. If you are using WSL on Windows as your terminal, then you can try running sudo echo nameserver 8.8.8.8 > /etc/resolv.conf and then issue the git commands to see if that makes a difference. This does not seem to be a permanent DNS fix (lasting only the lifetime of your terminal session), but it could help you determine whether it is a DNS issue and not a certificate issue. You could also check this document on configuring your network to use a public DNS. Again, this is only to help you determine if your DNS settings might need adjusting in order to help resolve the certificate issues.

Octavla answered 10/8, 2022 at 2:58 Comment(0)
B
0

I came here after copy-pasting the error message I got into the search engine. In my case I had simply forgotten to turn on the enterprise VPN. After turning that on, my git commands to remote worked.

Bee answered 2/4 at 6:11 Comment(0)
T
-1

This might help some who come across this error. If you are working across a VPN and it becomes disconnected, you can also get this error. The simple fix is to reconnect your VPN.

Tyrosine answered 9/12, 2020 at 18:22 Comment(0)
A
-3

Use Github Desktop. It avoids all this mess. No configuration required, no re-settings, no SSL issues.

In fact Github Desktop can help you work with multiple enterprise and cloud versions at the same time.

Archipenko answered 14/6, 2023 at 4:56 Comment(0)
T
-4

I tried following and it worked ✅

git config --global http.sslVerify false
Thrill answered 1/9, 2022 at 19:6 Comment(1)
This disables a lot of security. It should be marked as a workaround and it is not specific enough.Accalia
D
-7

Use this command before to run composer update/install:

git config --global http.sslverify false
Dugald answered 23/3, 2017 at 10:11 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.