Git ssl error on windows

Asked 23/9, 2011 at 8:23 Answered 26/11, 2015 at 13:19

I keep getting the following error when attempting to clone a git repository using ssl on windows:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The ssl certificate hierarchy is trusted (the issuer certificate is added to Trusted Root Certificate Authorities) and I can browse to the hosting site (a private instance of Gitorious) without ssl errors. I've tried cloning on Windows 7 and on Windows Server 2008 and it's failed both times.

Anyone got any ideas?

Berezina answered 23/9, 2011 at 8:23 Comment(2)

Possible duplicate of Invalid SSL certificate when pushing to Git server – Weathertight 4/3, 2018 at 21:43

f15ijp.com/2012/08/… one of the best solution which I found – Olympia 22/3, 2020 at 14:16

Git Apparently not take certificates saved in windows, you have to specify what editing the path to the certificate file .gitconfig

gitconfig location:

C:\Program Files (x86)\Git\etc

Add the line (replace with the path to file and yourCertificate.ctr with the name to your certificate):

.
.
.
[help]
    format = html
[http]
    sslVerify = true
    sslCAinfo = C:/Program Files (x86)/Git/bin/curl-ca-bundle.crt
    sslCAinfo = [route]/yourCertificate.crt
[sendemail]
    smtpserver = /bin/msmtp.exe

[diff "astextplain"]
.
.
.

and try again..

Teakwood answered 25/9, 2013 at 15:21 Comment(3)

I was having the same problem with Stash installed on my server. I had to save the certificate as rfc, only then did it work. So, on the server, where I have my keystore I ran this: "%JAVA_HOME%\bin\keytool" -export -keystore .keystore -rfc -alias tomcat -file yourCertificate.crt – Apomorphine 10/6, 2014 at 3:8

Git on Windows no longer uses a .gitconfig file or a curl-ca-bundle.crt in those locations and I'm having trouble finding the right way of doing this now. – Masquerade 6/12, 2016 at 23:4

@Masquerade C:\Program Files\Git\mingw64\ssl\certs? – Maunder 27/7, 2018 at 18:25

The location of http.sslcainfo is stored in "C:\ProgramData\Git\config". It is not altered when uninstalling/reinstalling git.

I recently had to change it from

sslCAInfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

sslCAInfo = C:/Users/kristof/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt

Also see issue:
Configure http.sslcainfo in Git for Windows' own system-wide config #531
https://github.com/git-for-windows/git/issues/531

Rojo answered 26/11, 2015 at 13:19 Comment(0)

Make sure to add to your Git global config file:

 http.sslcainfo=/bin/curl-ca-bundle.crt

Your msysgit instance needs to know where to look for the CA certificates in order to validate them.

See more settings in this SO answer or in "Cannot get Http on git to work".

Hither answered 23/9, 2011 at 8:49 Comment(4)

If I run git clone from Git Bash it works. Only issue in eclipse. – Ormolu 3/7, 2014 at 11:5

@JigarShah that could be a question in its own, describing the problem and adding a lot of specific details (what OS, what version of Java, Eclipse, Egit? what version of git?) – Hither 3/7, 2014 at 11:14

Sorry comment at wrong place. Win8-64Bit, Eclipse Luna, (No special plugin for git but m2eclipse) JDK8. #24551242 – Ormolu 3/7, 2014 at 11:20

@JigarShah you are using an ssh url: you don't need a proxy for that. – Hither 3/7, 2014 at 11:22

-1

If all else fails, you can set the environment variable GIT_SSL_NO_VERIFY to true. However, it is hopefully possible to resolve the issue in another way. WARNING: This exposes you to SECURITY RISKS, as you can no longer trust that you're talking to the server you think you're talking to.

Nader answered 23/9, 2011 at 8:32 Comment(1)

I did the same. same error. In eclipse > git > Configuration > User settings added sslVerify = false. But it seems its not able to connect on ssl itself. – Ormolu 3/7, 2014 at 11:4

Recommended topics

Hot tags