6

I have a problem... My code in Gitlab, Pipeline in Azure DevOps. I use classic editor. When i start pipeline i have error "fatal: unable to access 'fatal: unable to access 'https://my.repos.example:***.git/': SSL certificate problem: unable to get local issuer certificate" Please help me!

kostukp96
  • 167
  • 2
  • 7
  • From what I can tell it cannot verify your certificate. One thing you could do (not necessarily recommending it) is found here: https://confluence.atlassian.com/bitbucketserverkb/ssl-certificate-problem-unable-to-get-local-issuer-certificate-816521128.html which is to turn off the verification via git command. – Mike Cheel Jun 14 '21 at 19:21
  • 1
    yes, but in azure devops i cant do this... – kostukp96 Jun 14 '21 at 20:04
  • https://docs.microsoft.com/en-us/azure/devops/pipelines/scripts/git-commands?view=azure-devops&tabs=yaml – Mike Cheel Jun 14 '21 at 21:00
  • i dont understand how this can help me ? I use classic editor, and every time first step is clone repo... – kostukp96 Jun 15 '21 at 06:56
  • I didn't know the exact answer but as you figured out it has to do with turning off verification (somehow) of the ssl verification which was what I was trying to point you to. I just knew there was at least one way to do it. – Mike Cheel Jun 15 '21 at 18:56

4 Answers4

3

Note: You could disable SSL certificate validation in Git or tick the checkbox accept untrusted SSL certificates, but that is definitely not the preferred practice for security.

In my case, I had Github enterprise repository which was giving this error. Try below steps:

  1. Enable git to use schannel: git config --global http.sslbackend schannel
  2. Export the certificates from your browser in the Base-64 encoded X.509 (.CER) format.

Note: In case of windows os, you can import .p7b files by right clicking the > install certificates.

  1. Repeat the step-2 for all the intermediate certificate chain.

  2. Copy and append all the certificates as obtained above.

  3. Find out the Certificate store of the git: git config --list --show-scope The path will be mentioned in system scope http.sslcainfo. CA-cert

  4. Using a text editor (Notepad++) open ca-bundle.crt and copy paste the certificates from step-4 to the end of the ca-bundle.crt file and click Save.

Now retry the pipeline run.

Rajesh Swarnkar
  • 143
  • 1
  • 1
  • 12
2

For me this issue came up when attempting to clone a repository through Visual Studio 2019. Upon selecting the Azure option in the repository menu I then picked the codebase I wanted to clone. After this step I was prompted with an error of:

 "SSL certificate problem: unable to get local issuer certificate"

I ran the git command setting up the global ssl backend:

> git config --global http.sslbackend schannel

And the next time I tried the steps listed above, all was well.

Dharman
  • 26,923
  • 21
  • 73
  • 125
tijko
  • 6,839
  • 11
  • 40
  • 56
0

If you want to cancel check azure devops ssl certificate, you need to go a variable group your pipeline and add GIT_SSL_NO_VERIFY = 1

kostukp96
  • 167
  • 2
  • 7
  • Although this works, but this is unsecure way of doing it. There are [some posts](https://stackoverflow.com/questions/23885449/unable-to-resolve-unable-to-get-local-issuer-certificate-using-git-on-windows?rq=1) describe how to add `.cer` files to git store. But personally couldn't figured it out. – Rajesh Swarnkar Feb 01 '22 at 09:01
0

Just re-installing git worked for me. Try to uninstall and install git

ARPIT TIWARI
  • 1