SSL certificate problem: self signed certificate in certificate chain

Question

I have upgraded my Inteliij IDEA 2019.2 recently and I am getting below error, if I try to pull from my IDE Git Pull Failed: unable to access 'https://github.xxx.com/app-Hello-USD/DGS.git/': SSL certificate problem: self signed certificate in certificate chain.

Could some one help me what option I have to enable.

Thanks

Does this answer your question? [How can I make git accept a self signed certificate?](https://stackoverflow.com/questions/11621768/how-can-i-make-git-accept-a-self-signed-certificate) — Gino Mempin, Apr 27 '20 at 00:49

score 51 · Answer 1 · answered Aug 02 '19 at 21:42

51

git config --global http.sslVerify false

answered Aug 02 '19 at 21:42

CrazyCoder

371,688
155
943
850

Could you please explain why this is happening? – Meredith Hesketh Fortescue May 05 '21 at 10:22
1

@Meredith Usually it's a content filter/proxy/firewall that filters the SSL traffic in your network and uses the self signed certificate in order to decrypt all the secure traffic. Contact your network administrator / IT Helpdesk / Security team for details. Another possible case is when the git repository is configured with the self signed certificate. Contact the git server administrator for more details. – CrazyCoder May 05 '21 at 17:01
Thanks so much. Have never seen this error before (over 10 years of using git) and got it today in Git bash shell. Your solution resolved the issue for me. – raddevus Aug 30 '21 at 18:47
4

not a good solution, better solution would be to add the self-signed certificate to the trusted certificates – Erdinc Ay Sep 01 '21 at 08:54
@ErdincAy can you please explain how to do it? – Ahinoam Mazuz Oct 06 '21 at 08:32
1

@AhinoamMazuz look up the JDK - Folder of your system / your environment, that you use (for Maven or your IDE), you'll find an JRE folder in there, go down to libs and then to security, there you'll find the cacerts - Certificate Store file .... for example: C:/jdk1.8.0_202/jre/lib/security/cacerts ... now use KeyStore Explorer http://keystore-explorer.org/ and add the certificate that is missing (the Java Certificate Store Default Passwort is: changeit) – Erdinc Ay Oct 07 '21 at 13:35
Don't forget to enable SSL verification after you've cloned the repository, otherwise Git will refuse to use SSL for any repository. – Boško Bezik Feb 23 '22 at 11:15

Boško Bezik · Answer 2 · 2022-02-24T12:41:09.293

To expand on the answer of @CrazyCoder.

This usually happens because your Git repository server is hosted inside a private network and uses a locally generated (self signed) TLS certificate. Because this certificate is not from a "trusted" source, most software will complain that the connection is not secure.

So you need to disable SSL verification on Git to clone the repository and immediately enable it again, otherwise Git will not verify certificate signatures for any other repository.

Disable SSL verification on Git globally: git config --global http.sslVerify false
Clone your repository: git clone <your repo>
Enable SSL verification on Git globally: git config --global http.sslVerify true
Change directory into your repo: cd <your repo>
Disable SSL verification only on your repository: git config --local http.sslVerify false

score 4 · Answer 3 · answered Mar 16 '22 at 16:29

4

If you want to add the self-signed cert, export the cert you want as a Base-64 encoded .CER file. Locate your Git cert.pem file (for me it is in C:\Program Files\Git\usr\ssl\cert.pem). Open up your .CER file in a text-editor, and copy/paste the contents at the end of your cert.pem file. Save the file. Then open up your console and type

 git config --global http.sslCAInfo "C:\Program Files\Git\usr\ssl\cert.pem"

answered Mar 16 '22 at 16:29

codeMonkey

3,334
2
30
45

Even pointing to this the same error occurs. Any other work around ? – rinilnath Mar 25 '22 at 04:01
This worked for getting SourceTree to recognize the repo. Thank you! – user3258911 Apr 26 '22 at 15:37

score 0 · Answer 4 · answered May 11 '22 at 13:48

0

From my chief of IT: this can be fixed by disabling SSL checking in the git config for the affected repositories. This should not require elevated privileges to complete.

git config http.sslVerify "false"

This command did not require use of the --global argument.

answered May 11 '22 at 13:48

brethvoice

166
1
3
12

The trouble ticket I submitted to IT stated that "The git bash terminal was unable to access the URL of the repo which I could view from a browser in Bitbucket. The reason was an SSL certificate problem: 'self-signed certificate in certificate chain.'" – brethvoice May 11 '22 at 13:53

SSL certificate problem: self signed certificate in certificate chain

4 Answers4