SSL certificate problem: unable to get local issuer certificate AZURE DEVOPS

Asked 14/6, 2021 at 19:18 Answered 23/8, 2022 at 4:48

I have a problem... My code in Gitlab, Pipeline in Azure DevOps. I use classic editor. When i start pipeline i have error "fatal: unable to access 'fatal: unable to access 'https://my.repos.example:***.git/': SSL certificate problem: unable to get local issuer certificate" Please help me!

Drawtube answered 14/6, 2021 at 19:18 Comment(5)

From what I can tell it cannot verify your certificate. One thing you could do (not necessarily recommending it) is found here: confluence.atlassian.com/bitbucketserverkb/… which is to turn off the verification via git command. – Sunderland 14/6, 2021 at 19:21

yes, but in azure devops i cant do this... – Drawtube 14/6, 2021 at 20:4

learn.microsoft.com/en-us/azure/devops/pipelines/scripts/… – Sunderland 14/6, 2021 at 21:0

i dont understand how this can help me ? I use classic editor, and every time first step is clone repo... – Drawtube 15/6, 2021 at 6:56

I didn't know the exact answer but as you figured out it has to do with turning off verification (somehow) of the ssl verification which was what I was trying to point you to. I just knew there was at least one way to do it. – Sunderland 15/6, 2021 at 18:56

If you want to cancel check azure devops ssl certificate, you need to go a variable group your pipeline and add GIT_SSL_NO_VERIFY = 1

Drawtube answered 15/6, 2021 at 10:33 Comment(2)

Although this works, but this is unsecure way of doing it. There are some posts describe how to add .cer files to git store. But personally couldn't figured it out. – Implicit 1/2, 2022 at 9:1

Does not work for my case. Still gives me a long error message in Azure Devops Server 2020 telling that secure connection couldn't be established – Crapulous 13/7, 2022 at 15:0

For me this issue came up when attempting to clone a repository through Visual Studio 2019. Upon selecting the Azure option in the repository menu I then picked the codebase I wanted to clone. After this step I was prompted with an error of:

 "SSL certificate problem: unable to get local issuer certificate"

I ran the git command setting up the global ssl backend:

> git config --global http.sslbackend schannel

And the next time I tried the steps listed above, all was well.

Backstitch answered 7/3, 2022 at 21:12 Comment(0)

Note: You could disable SSL certificate validation in Git or tick the checkbox accept untrusted SSL certificates, but that is definitely not the preferred practice for security.

In my case, I had Github enterprise repository which was giving this error. Try below steps:

Enable git to use schannel: git config --global http.sslbackend schannel
Export the certificates from your browser in the Base-64 encoded X.509 (.CER) format.

Note: In case of windows os, you can import .p7b files by right clicking the > install certificates.

Repeat the step-2 for all the intermediate certificate chain.
Copy and append all the certificates as obtained above.
Find out the Certificate store of the git: git config --list --show-scope The path will be mentioned in system scope http.sslcainfo.
Using a text editor (Notepad++) open ca-bundle.crt and copy paste the certificates from step-4 to the end of the ca-bundle.crt file and click Save.

Now retry the pipeline run.

Implicit answered 2/2, 2022 at 8:28 Comment(0)

If you want to cancel check azure devops ssl certificate, you need to go a variable group your pipeline and add GIT_SSL_NO_VERIFY = 1

Drawtube answered 15/6, 2021 at 10:33 Comment(2)

Although this works, but this is unsecure way of doing it. There are some posts describe how to add .cer files to git store. But personally couldn't figured it out. – Implicit 1/2, 2022 at 9:1

Does not work for my case. Still gives me a long error message in Azure Devops Server 2020 telling that secure connection couldn't be established – Crapulous 13/7, 2022 at 15:0

Just re-installing git worked for me. Try to uninstall and install git

Numbersnumbfish answered 6/5, 2022 at 12:35 Comment(1)

By any chance are you gonna reinstall it each time it goes YOLO? I do not know how many times are you forced to do this, but it kept re-appearing after each 10-15 min. – Fetor 24/8, 2022 at 19:22

Basically issue was git used ROOT self sign certificate (sometimes company provided CA) which is not trusted by local git bash. Below are the steps I took to resolve the issue.

One of the eazy way is dissable ssl verify but there is a security issue as well as I got a warning message when git clone/push etc and for that message takes few time to do the git action.

Step 1 When installing use Native Windowns secure channel libary as per https://mcmap.net/q/47577/-unable-to-resolve-quot-unable-to-get-local-issuer-certificate-quot-using-git-on-windows-with-self-signed-certificate

or if you already install then change gitconfig file to below (This can be change by command line which is using git config --system)

[http] sslBackend = schannel

Step 2 run git config --global --edit in git command and you can see below configs.

[http]
        sslverify = true
        sslbackend = openssl
        sslcainfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

Download the certificate chain and upload it to above path sslcainfo https://mcmap.net/q/46453/-how-can-i-make-git-accept-a-self-signed-certificate i) To download certificate can do by browser by clicking lock icon and open certificate and go to Copy to File..., if you use windowns cer then use "DER encoded binary X.509" copy certificate to local. edit and copy and append this certificate to ca-bundle.crt file

If your still facing some slowness (My senario it was) So then add below config to the git config --global --edit file.

[credential]
        provider = generic

Frontwards answered 23/8, 2022 at 4:48 Comment(0)

Recommended topics

Hot tags