I’m trying to clone my GitHub project using the https-URL, but it fails with an error:
$ git clone https://foo@github.com/foo/foo-private.git
Cloning into foo-private...
Password:
error: error setting certificate verify locations:
CAfile: /bin/curl-ca-bundle.crt
CApath: none
while accessing https://foo@github.com/foo/foo-private.git/info/refs
fatal: HTTP request failed
What am I doing wrong?
asked Sep 23, 2010 at 11:51
I have seen this on Windows, with msysgit 1.7.2.3. You have to fix the path to bin/curl-ca-bundle.crt. I had to specify the absolute path, using back-slashes:
git config --system http.sslcainfo "C:Program Files (x86)gitbincurl-ca-bundle.crt"
This will result in changes to [git-install-dir]/etc/gitconfig file, which may be edited directly, too.
(Original solutions found at http://github.com/blog/642-smart-http-support)
answered Sep 23, 2010 at 12:17
mstrapmstrap
16.3k9 gold badges54 silver badges85 bronze badges
11
I solved the problem installing the Git from: https://git-for-windows.github.io/
Locate the cert file path:
D:Program FilesGitmingw64sslcertsca-bundle.crt
Configure the Git path:
git config —system http.sslcainfo «D:Program
FilesGitmingw64sslcertsca-bundle.crt»
Try again
shareef
9,00413 gold badges58 silver badges89 bronze badges
answered Oct 26, 2015 at 0:16
rogertodayrogertoday
9116 silver badges2 bronze badges
5
If you use MSYS2…
Just install the certificate packages with the following commands:
32 bits
pacman -S mingw-w64-i686-ca-certificates ca-certificates
64 bits
pacman -S mingw-w64-x86_64-ca-certificates ca-certificates
answered Apr 18, 2015 at 22:29
CoolOppoCoolOppo
5739 silver badges17 bronze badges
6
If you were using Cygwin, you might install the ca-certificates package with
apt-cyg:
wget rawgit.com/transcode-open/apt-cyg/master/apt-cyg
install apt-cyg /usr/local/bin
apt-cyg install ca-certificates
How do I install a cygwin package from the command line?
answered May 13, 2013 at 1:55
Jiangwei YuJiangwei Yu
5796 silver badges7 bronze badges
2
git config --global http.sslverify "false"
Will solve the problem.
After that a Pop-up window appears to enter your username and password
Paul Roub
36.2k27 gold badges82 silver badges90 bronze badges
answered Sep 13, 2017 at 19:43
2
SOLVED:
I got this error when I installed an update to the Git windows installer. What happened is that I did not install it with administrator rights, so Git was installed in «C:Usersmy_nameAppDataLocalPrograms» instead of «C:program Files». re-installing Git as administrator allowed to put it in C:program Files and everything went fine again !
answered Dec 14, 2015 at 12:35
1
This worked for me (I’m using Manjaro linux). I run the cmd to view ca-certificates:
$ curl-config --ca
**/etc/ssl/certs/ca-certificates.crt**
But actually i found the certificates at the path:
**/etc/ca-certificates/extracted/ca-bundle.trust.crt**
Then add the config into ~/.gitconfig (if not existing, create it):
**vim ~/.gitconfig**
[http]
sslVerify = true
sslCAinfo = /etc/ca-certificates/extracted/ca-bundle.trust.crt
[user]
email = <email of github account>
name = <username of github account>
It works!
.rbenv]$ git pull
remote: Counting objects: 70, done.
remote: Compressing objects: 100% (47/47), done.
remote: Total 70 (delta 39), reused 12 (delta 12), pack-reused 6
Unpacking objects: 100% (70/70), done.
From https://github.com/sstephenson/rbenv
c43928a..efb187f master -> origin/master
+ 37ec781...7e57b52 user-gems -> origin/user-gems (forced update)
Updating c43928a..efb187f
Fast-forward
libexec/rbenv-init | 4 ++--
libexec/rbenv-version-file | 1 +
test/init.bats | 2 +-
test/test_helper.bash | 25 +++++++++++++++----------
4 files changed, 19 insertions(+), 13 deletions(-)
chappjc
30.2k6 gold badges75 silver badges130 bronze badges
answered Oct 11, 2015 at 2:55
Duy NguyenDuy Nguyen
531 silver badge3 bronze badges
1
git config --system http.sslcainfo /bin/curl-ca-bundle.crt
This works. You don’t have to give full path.
answered Feb 19, 2014 at 9:49
KannarKKKannarKK
1,51520 silver badges35 bronze badges
I faced this while git pull. For mine edited the global git config file that fixed problem.
Goto your home folder and open .gitconfig file. Usually C:Users.gitconfig
If the file is not there create it
[http]
sslcainfo = E:systoolsgit-1.8.5.2bincurl-ca-bundle.crt
There you have to given your own git installation path. I have used portable version of git here.
Then git clone / pull it will work.
answered Feb 20, 2014 at 1:11
arulraj.netarulraj.net
4,4593 gold badges35 silver badges36 bronze badges
2
In my win10 case I have two versions of .gitconfig
- the first one is in
C:Program FilesGitetc - the second is in
C:Users<user>
The command
git config --system http.sslcainfo "C:Program FilesGitmingw64sslcertsca-bundle.crt"
indeed makes changes to C:Program FilesGitetc, but git somehow uses config in C:Users<user>
So with notepad I changed the second one .gitconfig and git finally took right configuration and got working.
answered Jan 9, 2020 at 13:41
d0wnd0wn
1113 bronze badges
1
If you are using the Git command shell that installs with the GitHub for Windows app then this and various other problems can show after an update. Just start the Git Hub windows app and shut it down again. The shell will then work OK again. The problem is that the update does not complete until the windows application is run. Just using the shell on its does not trigger the update to complete.
answered Apr 4, 2016 at 15:24
Paul DPaul D
5715 silver badges13 bronze badges
I’ve seen this on my Github for Windows.
I recommend uninstalling Github for Windows and installing it again.
Before this, I tried several ways with no success, but this solution worked for me!
answered Apr 12, 2016 at 23:26
AlisaAlisa
2,8123 gold badges31 silver badges44 bronze badges
On Windows using msysgit I had this error and the cause was my additions of our corporate proxy certificates.
If you edit your curl-ca-bundle.crt you have to get sure about your lineendings. In case of the curl-ca-bundle you have to use Linux-Style lineendings.
> git ls-remote --tags --heads https://github.com/oblador/angular-scroll.git
fatal: unable to access 'https://github.com/oblador/angular-scroll.git/': error setting certificate verify locations:
CAfile: C:Program Files (x86)Gitbincurl-ca-bundle.crt
CApath: none
You can use notepad++ to convert the lineendings to Linux (linefeed).
answered Jun 26, 2015 at 7:11
ThomasThomas
2,1171 gold badge32 silver badges45 bronze badges
On a side note, this issue can happen in Windows if the user who is trying to use git is different than the user who installed it. The error may indicate that git cannot access the certificate files. Installing git as the administrator and using @rogertoday’s answer resolved my issue.
answered Dec 2, 2015 at 17:43
MaghoumiMaghoumi
3,2172 gold badges32 silver badges49 bronze badges
I found a good solution for adding/updating the CA certificates on RHEL/CentOS 6 which is the root cause reported issue.
Since they become outdated distros, the cacert authorities in that system has not been updated until executing the command sudo yum update.
Didn’t realize the issue until the GIT_CURL_VERBOSE mode shows the cacert path issue.
answered Jul 27, 2016 at 8:01
S.K. VenkatS.K. Venkat
1,7332 gold badges26 silver badges34 bronze badges
I encountered this error after updating to Visual Studio 2019 16.10.2 (from 16.10.0), whereas previously Git was working correctly.
I do not have Git installed separately. (Or, put another way, I only use Git as part of Visual Studio.)
I solved this problem by locating the file "ca-bundle.crt" at "C:Program Files (x86)Microsoft Visual Studio2019ProfessionalCommon7IDECommonExtensionsMicrosoftTeamFoundationTeam ExplorerGitmingw32sslcertsca-bundle.crt", and then copying it to the folder it was indicating it couldn’t be found at, "C:Program FilesGitmingw64sslcertsca-bundle.crt".
Do note that I had to create the «mingw64sslcerts» directories, as they did not previously exist.
After copying the file there, Git was able to sync once again immediately without restarting Visual Studio.
answered Jun 16, 2021 at 20:39
Justin ShidellJustin Shidell
5481 gold badge5 silver badges16 bronze badges
In my case, the solution to the problem was to change openssl to schannel:
Before
PS E:wwwXXXXX> git config --global http.sslverify "true"
PS E:wwwXXXXX> git pull origin main --force
fatal: unable to access 'https://gitlab.com/XXXXXXXXX.git/': error setting certificate verify
locations: CAfile: C:Program FilesGitmingw64sslcerts CApath: C:Program FilesGitmingw64sslcerts
Solution
PS E:wwwXXXXX> git config --global http.sslbackend schannel
After
PS E:wwwXXXXX> git config --global http.sslverify "true"
PS E:wwwXXXXX> git pull origin main --force
From https://gitlab.com/XXXXXXXXX
* branch main -> FETCH_HEAD
Already up to date.
It would look like this in C:Program FilesGitetcgitconfig
[http]
sslBackend = schannel
sslcainfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
answered Jul 31, 2022 at 21:38
On Linux, I had this error and fixed it by running sudo update-ca-certificates.
answered Jun 12, 2015 at 6:37
user5002062user5002062
5313 silver badges8 bronze badges
1
If anybody else is facing this issue in Git for Windows and do not have curl-ca-bundle.crt anywhere on your system even after reinstalling, this is the process I followed:
- Download the latest version of curl here: curl download mirror
- Extract and navigate to
curl-**.**.*/libin the command line - Run
./mk-ca-bundle.prl - Copy
ca-bundle.crtto your git path and update the config as listed in other answers
Shout out to this gist for helping me get the installation done.
answered Jul 4, 2018 at 16:13
tordaltordal
6345 silver badges17 bronze badges
I’ve solved this problem on a Windows Server 2016 by reinstalling it and by choosing «native Windows Secure Channel library» on the «Choosing HTTPS transport backend» install step.
answered Nov 8, 2018 at 16:46
ThibaultThibault
7942 gold badges7 silver badges15 bronze badges
For MinGit users on Windows 10:
You’ll have to make slight adjustments to @mstrap’s answer.
git config --system http.sslcainfo "<PATH-TO-MINGIT>mingw64sslcertsca-bundle.crt"
answered Mar 18, 2021 at 12:13
JarmosJarmos
1981 gold badge10 silver badges20 bronze badges
For me what solved the problem was when on my windows 10 box, I tried uninstalling git and resintalling, using Windows Cmd as default not Git Bash
Open CMD and run the following
//Once installed try to resintall the bin folder
git config --system http.sslcainfo bin/curl-ca-bundle.crt
//disable ssl verification
git config --global http.sslverify "false"
//Then try to clone repo again
git clone git@github.com:account/someproject.git
krock
28.6k13 gold badges78 silver badges85 bronze badges
answered Feb 25, 2017 at 21:05
I received this error after moving git across hard drives. Deleting and reinstalling in the new location fixed things
answered Mar 22, 2018 at 9:28
gamesgurugamesguru
721 gold badge2 silver badges5 bronze badges
0
On git for Windows you can also reinstall and select the Windows native certificate validation method (OpenSSL is default). This will skip the OpenSSL verification and instead use the Windows native one, which doesn’t require maintaining a separate tool (OpenSSL) and certificates.
Worked perfectly for me 
answered Aug 16, 2018 at 14:39
reijinreijin
13310 bronze badges
The solution that work for me in windows 64bits is the following
git config —system http.sslverify false
answered Mar 22, 2019 at 17:08
The following command
git clone git://github.com/username/projectname.git
worked for my needs, but I assume you want more than read-only access, right?
answered Jul 26, 2011 at 0:24
Andrew GrimmAndrew Grimm
76.9k54 gold badges198 silver badges335 bronze badges
I was able to solve this issue with the following command.
git config —system http.sslverify false
answered Mar 10, 2016 at 7:47
1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
lookfwd opened this issue
Jul 4, 2017
· 40 comments
Comments
Getting this error while cloning the book:
C:Usersme> git clone https://github.com/scalingexcellence/scrapybook.git
Cloning into 'scrapybook'...
fatal: unable to access 'https://github.com/scalingexcellence/scrapybook.git/':
error setting certificate verify locations:
CAfile: C:Program FilesGitmingw64/bin/curl-ca-bundle.crt
CApath: none
Copy link
Collaborator
Author
A temporary fix is to use GIT_SSL_NO_VERIFY to disable ssl checking.
set GIT_SSL_NO_VERIFY=true
git clone...
lucasbugnon, ElMoatamidOussama, Gelberm, KA24956T, ravi23796, dflo, LuizFelipe2mn, jkhere, xywang-talend, adiljamal007, and 60 more reacted with thumbs down emoji
SashaShoka reacted with confused emoji
Installing Git again fix this error in my case.
guptavibhor, abhipinapaka, ravi23796, adiljamal007, carlosdagos, susenmaharjan, selvin-joseph, andrewpareles, rahulnagavalli, Isaacbelo, and 16 more reacted with thumbs down emoji
git config --global http.sslverify "false"
This command resolve my problem
KA24956T, ravi23796, splinter89, dflo, adiljamal007, process0, carlosdagos, orgi, leonheess, carpenterjc, and 40 more reacted with thumbs down emoji
dcworldwide, PeterWippermann, adiljamal007, kuaidaili-dev, eperez86, liangkai, lmw123, FerAnimaciones, hisigns, navgarg, and 13 more reacted with laugh emoji
susenmaharjan, eperez86, liangkai, lmw123, gonghs, MrJavaScript1990, Myung5, peppard102, JElfferich, THEBEAST310, and 12 more reacted with hooray emoji
adiljamal007, AlexanderTang, aminechir, JRunnerL, leinad87, unrealcznyui, oxydonth, patheard, and ulysses-ck reacted with confused emoji
eperez86, liangkai, lmw123, FerAnimaciones, Myung5, Manamw2, navgarg, peppard102, JElfferich, Thejaswi1405, and 33 more reacted with heart emoji
Utkarsh-Gangal, mkltaneja, z3n3x, LiuYinglovecode, rxa271, Maxython, ulysses-ck, artyom12211, luzixiao, ScareTrow, and 2 more reacted with rocket emoji
eperez86, FerAnimaciones, NoBrainer, danghieuliem, ulysses-ck, lcan520, and Apteryx009 reacted with eyes emoji
still i am getting same error
git config --global http.sslverify "false"
This command resolve my problem
why it came what was the problem
why i need to use this command
why i need to use this command
It disables verification for all certificates.
Got the same issue, used SSH public key…more convenient for lazy dudes like me besides, cannot update Git client on my NAS in an easy way
It’s a better solution to get the ca-bundle.crt file and update the git config to use it with:
git config http.sslCAinfo "/path/to/ca-bundle.crt"
llMaximll and EdwinWalela reacted with hooray emoji
Bouriga, Leya555, bls61793, boro28, EdwinWalela, KingPegasus, shizzic, and lukasfichnaCGI reacted with heart emoji
@NoBrainer hey , I tried doing it . but it is not working . can you please help. still shows
CAfile: C:Program FilesGitmingw64/bin/curl-ca-bundle.crt
it is a mac OS.
@boiindo, it looks like you’re mixing Windows and UNIX-based path syntax. You probably want something more like:
git config http.sslCAinfo "/c/Program Files/Git/mingw64/bin/curl-ca-bundle.crt"
(Make sure you verify that the path is correct by doing something like: cd /c/Program Files/Git/mingw64/bin.)
@NoBrainer thanx for replying. I did notice the mixing of 2 syntax. Donot understand how a windows path is present in macos. tried searching for curl-ca-bundle, couldn’t find it. tried exporting certificates into a .pem file , but then get «fatal not in git directory» ( should i add the file in the bin) . when trying to change the path with git config , it says no access.
Kindly help. Can I download certificates from somewhere (don’t know authentic places) and place it in the git directory ?
@boiindo, you’ll need to check inside of the directory where git is installed. For my Windows installation, it’s this: Git/mingw64/ssl/certs/ca-bundle.crt. I’m not sure where it installs it for Mac, but I assume you can find it in the installation directory. (If you do not find this, you probably have an outdated version of git, so you should reinstall it first.)
Thanks guys, the following has helped me to fix the issue:
git config —global http.sslverify «false»
NoBrainer, mariusingjer, joshfleming, dandiDrazard, ErickOF, Gimli05, scrambledheads, sxs1539, imonsheikh, devakishore, and mrakic-igt reacted with thumbs down emoji
git config --global http.sslverify "false"
This command resolve my problem
Thank you soo sooo much
I got frustrated because it wasn’t working , thank you!!!!!
@Erasmus24 & @pranavdj9, by turning off http.sslverify, you are treating the symptom instead of solving the problem. You should fix the certificate issue instead of downgrading your security. This is only acceptable when debugging or working with a prototype.
Well… I really don’t know how to fix that, I tried searching the internet… but didn’t find anything relatable. If you know how to do it, then pls tell me
I’ve just started using git bash, so I only know limited and basic commands
@pranavdj9, you need to find where ca-bundle.crt is located within the Git installation. If you can’t find it, you probably have to update/reinstall Git. Once you find the file, you can run: git config http.sslCAinfo "/path/to/ca-bundle.crt"
Thanks so much
I will definitely try it
Thanks Steve I really appreciate
…
On Sun, Oct 25, 2020 at 9:07 PM Steven Penny ***@***.***> wrote:
I had this problem as well. My issue was this file:
/usr/ssl/certs/ca-bundle.crt
if by default just an empty file. So even if it exists, youll still get the
error as it doesnt contain any certificates. You can generate them like
this:
p11-kit extract —overwrite —format pem-bundle /usr/ssl/certs/ca-bundle.crt
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#36 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQM7RKSSX5U6OJUI2DDB4DDSMTKXLANCNFSM4DRWJ7IA>
.
I was getting the same error, and i resolved it with this steps:
- Unnistall Git from your PC, and remove the folder remained(Git/etc).
- Access your path variables and remove the git from all the users and the general path.
- Install git again running as admin.
While installing git I enabled the git credential manager. Weeell, I clicked next next next finish
without customizing anything. But when am pushing my code to my github account and am about to complete authentication by authorizing the git credential manager, am unable to because where am supposed to click has been disabled.
Helloooo, I got a solution to my problem an am happy. I was using Microsoft edge a my default browser and it had no certificates for verification. That is why the button «authorize git credential manager» was disabled. Thanks to me😊
One possible reason you’re getting that error is because this path C:Program FilesGitmingw64/bin/curl-ca-bundle.crt (which is the CA file path shown in the error message) is NOT where your curl-ca-bundle.crt is located.
I went into program files (file explorer) and found that my CA file was located at D:ProgramFiles(D)Gitmingw64sslcertsca-bundle.crt. I had installed Git on a different location than they expected.
To tell Git to run on the correct path, run: git config --system http.sslcainfo "YOUR PATH"
example:
git config --system http.sslcainfo "D:ProgramFiles(D)Gitmingw64sslcertsca-bundle.crt"
After that, go ahead and run the git clone / git push / ect. stuff! Looks like the post author’s next step is running git clone https://github.com/scalingexcellence/scrapybook.git
@pranavdj9, you need to find where
ca-bundle.crtis located within the Git installation. If you can’t find it, you probably have to update/reinstall Git. Once you find the file, you can run:git config http.sslCAinfo "/path/to/ca-bundle.crt"
i know this reply is late but i am having same issue on my windows laptop. can you please guide me through?
git config —global http.sslverify «false»
This solved my error, thanks so much
Thanks guys, the following has helped me to fix the issue:
git config —global http.sslverify «false»
When I use this, it says: error: could not lock config file C:/Users/Irene/.gitconfig: Permission denied
what can i solve it?
git config —global http.sslverify «false»
This command solve problem
git config --global http.sslverify "false"This command resolve my problem
My Problem is solved using this command.
Thanks JayaniSumudini 👍🏻
It’s a better solution to get the
ca-bundle.crtfile and update the git config to use it with:git config http.sslCAinfo "/path/to/ca-bundle.crt"
This is the line we all need, it works like a charm for me, but be sure to have only that line and not http.sslCApath and use --system to apply system-wide
Here is my command :
sudo git config --system http.sslCAinfo /usr/local/share/ca-certificates/zscaler.crt
Here is my file :
[http]
sslCAinfo = /usr/local/share/ca-certificates/zscaler.crt
Disabling ssl was not an option for me
Like other suggested. git config --system http.sslCAinfo "C:Program FilesGitmingw64sslcertsca-bundle.crt" — worked, just remember to run this command in Terminal opened with administrator privilege… I didn’t, I suffered for 20 minutes.
Did the command that supposedly fixes it, went through successfully. Yet I am still getting the same error, I am using portablegit and do not have administrative permissions on this PC. Any ideas?
I had this issue as well. Hopefully I’m not repeating an answer but I figured I’d document a cause. I had renamed the «User» folder where git was installed. I had already updated my $PATH variables but I didn’t update any git configs.
Old Directory T:*oldname*Gitmingw64sslcertsca-bundle.crt
New Directory T:*newname*Gitmingw64sslcertsca-bundle.crt
So I just used this like many others posted above:
git config --global http.sslCAInfo T:newnameGitmingw64sslcertsca-bundle.crt
in my case this was caused by my ca-bundle.crt was owned by the wrong user and not readable by others, chmod a+r ca-bundle.crt fixed it
For me it was another issue. Had a friend much more experienced with git then me help fix it. They fixed it by running
git config --global http.sslbackend schannelThey found it off of here: microsoft/Git-Credential-Manager-for-Windows#646
Solved it for me
Содержание
- Name already in use
- LetsHack / howto / GIT-SSL-Issues.md
- error setting certificate verify locations #1484
- Comments
- Bitbucket Support
- Knowledge base
- Products
- Jira Software
- Jira Service Management
- Jira Work Management
- Confluence
- Bitbucket
- Resources
- Documentation
- Community
- Suggestions and bugs
- Marketplace
- Billing and licensing
- Viewport
- Confluence
- SSL certificate problem: Unable to get local issuer certificate
- Related content
- Still need help?
- Problem
- Cause
- Resolution
- Resolution #1 — Self Signed certificate
- Resolution #2 — Default GIT crypto backend
- SSL certificate problem: self signed certificate in certificate chain #646
- Comments
- Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
- Problem
- Analysis
- Solution
- Solution 1
- Solution 2
- Solution 3
Name already in use
LetsHack / howto / GIT-SSL-Issues.md
- Go to file T
- Go to line L
- Copy path
- Copy permalink
Copy raw contents
Copy raw contents
Fixing Git SSL Certificate Issues
Git use SSL extensively to ensure that communication between the Git client and the Git server is encrypted preventing MITM or Man In The Middle Attacks. However this can also cause issues when you’ve setup your own Git server and generate a self signed certificate. We’ve also seen these issues arise when using Git on Windows.
In this short howto we will look at fixing the GIT SSL issues that’s regularly encountered while using windows.
What Do The Errors Look Like
- You should not have these issues if developing code on Linux or Raspbian on the Raspberry Pi.
- The SSL issues can also crop up when trying to commit code into the master repo at Github from your local windows repository.
- Here’s what the error might look like —
There are a few different approaches to sort this out. Let’s look at both of them below.
Option 1 : Turn off Git SSL Verification
- You can stop the Git client from verifying your servers certificate and to trust all SSL certificates you use with the Git client.
- This has it’s own security risks as you would not be warned if there was a valid problem with the server you are trying to connect to.
- That said, it’s the quickest and easiest fix for a non trusted server certificate.
- Simply run the below git command on your Git client.
bash# git config —global http.sslVerify false
Option 2 : Tell Git Where Your Certificate Authority Certificates Are Located
- Another option is to point your Git client towards a folder that contains the Certificate Authority certificate that was used to sign your Git server’s SSL certificate.
- You may not have one of these if you’re using Self Signed certificates.
- Save the CA certificate to a folder on your Git client and run the following git command to tell your Git client to use it when connecting t the server:
bash# git config —system http.sslCAPath /git/certificates
Hope either of the above approaches have helped you fix your git SSL issue.
Источник
error setting certificate verify locations #1484
Hi,
I’m trying to follow the windows install instructions here:
http://npmjs.org/doc/README.html#Installing-on-Windows-Experimental
The install git link is dead so I hay have missed something but I installed git and got to:
git clone —recursive git://github.com/isaacs/npm.git
which gives the following error
Cloning into node_modules/abbrev.
error: error setting certificate verify locations:
CAfile: bincurl-ca-bundle.crt
CApath: none
while accessing https://github.com/isaacs/abbrev-js.git/info/refs
fatal: HTTP request failed
The text was updated successfully, but these errors were encountered:
Updated the instructions already. git config —system http.sslcainfo /bin/curl-ca-bundle.crt should make it work.
git config —global http.sslverify «false» will solve the problem
Thanks a ton . I also had the same problem and got that solved with the command you shared just now.Thanks a lot !!
Wow. Thanks @DedrickEnc worked like charm
It should be noted @DedrickEnc’s «solution» turns off the ssl verification and is a «work around» not a solution to the problem.
Thanks good response!
@DedrickEnc thanks ,your advice work !
@DedrickEnc, Thanks very much from Kiev!
@DedrickEnc You saved my hours. Thanks Man..
@DedrickEnc that worked, thanks!
@DedrickEnc, Thanks you so much!
@DedrickEnc , Thanks, but, what that command mean? Not clear why it work?
DedrickEnc’s response will work but it is ill advised to disable all SSL verification, you can specify specific paths to disable:
DISABLE ALL SSL
// or switch off ALL SSL checks completely by executing:
git config —system http.sslverify false
OR
//Set this in your config to disable it only for the GIVEN url and not for all requests
[http «https://weak.example.com»]
sslVerify = false
Also for me, the cert was just randomly in the wrong place. I made a dummy path to where my terminal thought my cert was, and copied and pasted my cert in there (in my case:
Источник
Bitbucket Support
Knowledge base
Products
Jira Software
Project and issue tracking
Jira Service Management
Service management and customer support
Jira Work Management
Manage any business project
Confluence
Bitbucket
Git code management
Resources
Documentation
Usage and admin help
Answers, support, and inspiration
Suggestions and bugs
Feature suggestions and bug reports
Marketplace
Billing and licensing
Frequently asked questions
Viewport
Confluence
SSL certificate problem: Unable to get local issuer certificate
Related content
Still need help?
The Atlassian Community is here for you.
Platform Notice: Cloud, Server, and Data Center — This article applies equally to all platforms .
Problem
The following is seen on the command line when pushing or pulling:
SSL Certificate problem: unable to get local issuer
Cause
There are two potential causes that have been identified for this issue.
- A Self-signed certificate cannot be verified.
- Default GIT crypto backend (Windows clients)
Resolution
Resolution #1 — Self Signed certificate
Workaround
Tell git to not perform the validation of the certificate using the global option:
Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily
Resolution — Client Side
Please notice that we refer to the Certificate Authority in this article by the acronym CA.
There are several ways this issue has been resolved previously. Below we suggest possible solutions that should be run on the client side:
- Ensure the root cert is added to git.exe’s certificate store. The location of this file will depend on how/where GIT was installed. For instance, the trusted certificate store directory for Git Bash is C:Program FilesGitmingw64sslcerts. This is also discussed on this Microsoft blog.
Tell Git where to find the CA bundle, either by running:
where /absolute/path/to/git/certificates is the path to where you placed the file that contains the CA certificate(s).
or by copying the CA bundle to the /bin directory and adding the following to the gitconfig file:
Ensure that the complete certificate chain is present in the CA bundle file, including the root cert.
Resolution — Server Side
This issue can also happen on configurations where Bitbucket Server is secured with an SSL-terminating connector rather than a proxy
- Ensure that the Java KeyStore has the entire certificate chain (Intermediate CA and Root CA)
- View the Certificate Chain Details inside the KeyStore using a tool like the KeyStore Explorer to check
Resolution #2 — Default GIT crypto backend
When using Windows, the problem resides that git by default uses the «Linux» crypto backend, so the GIT operation may not complete occasionally. Starting with Git for Windows 2.14, you can configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. To do that, just run the following command in the GIT client:
This means that it will use the Windows certificate storage mechan ism and you don’t need t o explicitly configure the curl CA storage ( http.sslCAInfo ) mechanism.
The following is seen on the command line when pushing or pulling: SSL Certificate problem: unable to get local issuer. This error occurs when a self-signed certificate cannot be verified.
Источник
SSL certificate problem: self signed certificate in certificate chain #646
I am unable to push to git. I see that there have been changes and I’ve been upgrading to catch up, but I’m really stuck. I’m sorry to post this, I’ve been trying to figure it out.
$ git —version
git version 2.17.0.windows.1 // 64 bit
$ git credential-manager version
Git Credential Manager for Windows version 1.16.0
git push origin master
fatal: unable to access ‘https://github.com/Synaccord/synaccord.git/’: SSL certificate problem: self signed certificate in certificate chain
This use to work, but I understand github has gotten more strict about SSL. Fine. But I can’t seem to delete the old certificate and create a new one.
On Windows 10 (Home Version 1709 OS Build 16299.431) when I go to Settings and search for «Credential» I see «Credential Manager», «Manage Windows Credentials», and «Manage Web Credentials». When I click on «Credential Manager» (or any of the three) the list disappears and I’m back to the search option. Has credential management been removed from windows?
git credential-manager ‘delete https://github.com/Synaccord/synaccord.git/
It returns no error, and has no effect on the git push
git config —list //filtered
http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
http.sslbackend=openssl
credential.usehttppath=true
credential.helper=manager
http.sslbackend=openssl
credential.manager=—version
I’m stuck. Any ideas would be appreciated.
The text was updated successfully, but these errors were encountered:
Источник
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Problem
When accessing a Git server (pushing or pulling new commits), we get an error:
Analysis
Apparently, the certificate of your Git server is not trusted.
This usually happens if the Git server is using a self-signed SSL certificate, a Let’s Encrypt certificate (which gets renewed every at least 3 months) or simply because the certificate is expired.
BEWARE: This error might also mean that the Git server’s certificate is forged!
Solution
There are basically 3 solutions to this issue:
- Turning off the SSL cert check – fast with a possible security risk
- Appending a certificate to the system wide trusted ones – requires a bit of effort but more proper
- Adding the certificate to the
Solution 1
The first “fast & dirty” solution is simply to disable the SSL certificate check. There are two approaches to achieve this:
First: By setting the GIT_SSL_NO_VERIFY environment variable by executing the following command:
You can set this also in your shell startup script (i.e.
/.bashrc in case of Bash).
Setting GIT_SSL_NO_VERIFY=true will apply to all repos you are using.
If you want to turn off SSL checks only for some repos you can prefix your command with GIT_SSL_NO_VERIFY=true, for example:
Second: By setting the http.sslVerify config value of the repo to false, like this:
This will disable SSL certificate check for a specific repo only.
WARNING: Please note that by turning SSL checks off you are exposing yourself to a possible security risk. While your connection will be SSL encrypted, the SSL certificate might be forged.
You can also disable SSL checking for all repos:
There is a -c switch which enables specific configuration parameter to be passed to git when cloning a repo:
If one wants to disable SSL checks for one specific git server hosting several repositories, one can run :
This should add the setting to the user’s configuration.
Solution 2
Add the certificate to the list of trusted certificates. Follow this:
1. Retrieve the certificate
Replace YOUR_HOST with the hostname or IP of your Git server.
2. Copy the certificate between and including the following enclosing tags:
3. Append the certificate to the file:
This file can have other locations too. Determine the location of the ca-certificates.crt file by running:
Or to automatize create a script shown below. Do not forget to replace YOUR_HOST with the hostname or IP of your Git server in the script.
As a prerequisite you might need to install the libcurl4-openssl-dev package:
Solution 3
One can add a certificate to trusted ones by adding the following into
where file.pem must contain a certificate either retrieved as described in Solution 2 or a self-signed one.
Or one can disable certificate verification by adding to
represents the user’s home directory.
Lastly one can disable SSL cert checks for a specific server:
Источник
Description
Upon importing a repository from an external source, a certificate error is seen in the logs.
Environment
Bitbucket version 6.10.0 and above running on Windows
Github
Summary
Getting below error in the application log while importing GitHub repository into Bitbucket.
2020-12-30 10:33:16,915 DEBUG [pool-8-thread-5] c.a.bitbucket.scm.BaseCommand Executed C:Program FilesGitbingit.exe -c gc.auto=0 fetch --force --prune --progress https://github.com/u-boot/u-boot.git +refs/*:refs/*
2020-12-30 10:33:16,915 ERROR [pool-8-thread-5] c.a.b.i.i.repository.RefSyncTask Failed to import repository: RMP/u-boot[1351]
com.atlassian.bitbucket.scm.CommandFailedException: 'C:Program FilesGitbingit.exe -c gc.auto=0 fetch --force --prune --progress https://github.com/u-boot/u-boot.git +refs/*:refs/*' exited with code 128 saying: fatal: unable to access 'https://github.com/u-boot/u-boot.git/': error setting certificate verify locations:
CAfile: C:/Program Files/Git/mingw64/libexec/ssl/certs/ca-bundle.crt
CApath: none
at com.atlassian.bitbucket.scm.DefaultCommandExitHandler.onError(DefaultCommandExitHandler.java:46)
at com.atlassian.bitbucket.scm.git.command.GitCommandExitHandler.evaluateThrowable(GitCommandExitHandler.java:104)
at com.atlassian.bitbucket.scm.git.command.GitCommandExitHandler.onError(GitCommandExitHandler.java:201)
at com.atlassian.bitbucket.scm.DefaultCommandExitHandler.onExit(DefaultCommandExitHandler.java:31)
at com.atlassian.stash.internal.scm.git.command.fetch.FetchExitHandler.onExit(FetchExitHandler.java:39)
at com.atlassian.bitbucket.scm.BaseCommand.callExitHandler(BaseCommand.java:153)
at com.atlassian.bitbucket.scm.BaseCommand$CommandFuture.internalGet(BaseCommand.java:287)
at com.atlassian.bitbucket.scm.BaseCommand$CommandFuture.get(BaseCommand.java:251)
at com.atlassian.bitbucket.scm.BaseCommand.call(BaseCommand.java:87)
at com.atlassian.stash.internal.scm.git.command.SimpleGitCommand.configureAndCall(SimpleGitCommand.java:84)
at com.atlassian.stash.internal.scm.git.command.fetch.MirrorSynchronizeCommand.call(MirrorSynchronizeCommand.java:121)
at com.atlassian.stash.internal.scm.git.command.fetch.MirrorSynchronizeCommand.call(MirrorSynchronizeCommand.java:38)
at com.atlassian.bitbucket.internal.importer.repository.RefSyncTask.syncRefs(RefSyncTask.java:118)
at com.atlassian.bitbucket.internal.importer.repository.RefSyncTask.importRepository(RefSyncTask.java:97)
at com.atlassian.stash.internal.user.DefaultEscalatedSecurityContext.call(DefaultEscalatedSecurityContext.java:58)
at com.atlassian.bitbucket.internal.importer.repository.RefSyncTask.call(RefSyncTask.java:62)
at com.atlassian.bitbucket.internal.importer.repository.RefSyncTask.call(RefSyncTask.java:35)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.lang.Thread.run(Unknown Source)
... 1 frame trimmed
Caused by: com.atlassian.utils.process.ProcessException: Non-zero exit code: 128
at com.atlassian.bitbucket.scm.SummarizingProcessHandler.complete(SummarizingProcessHCause
The above exception occurs because of the incorrect location of the ca-bundle.crt path. As Git is running in Windows, if the http.sslcainfo was not set then it expects to find the certificate store in the following path
C:/Program Files/Git/mingw64/libexec/ssl/certs/ca-bundle.crtbut the certificate store is actually installed to an incorrect path as shown below
C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crtIn order to fix this one must specify the proper certs path.
Resolution:
There are several ways to fix the issue. Here is the possible resolution that needs to run on the client-side:
A. Tell Git where to find the CA bundle by running the below command:
git config --system http.sslCAPath /absolute/path/to/git/certificatesOR
copy the CA bundle to the /bin directory and add the following to the gitconfig file:
sslCAinfo = /bin/curl-ca-bundle.crtB. Ensure the root cert is added to git.exe’s certificate store.
C. Ensure the complete CA is present, including the root cert.
D. Upgrade Git version.
E. Tell git to not perform the validation of the certificate using the global option:
git config --global http.sslVerify falseOpen
Issue created Oct 26, 2022 by
Christoph Keller@theoriginalgri
gitlab-runner 15.5.0 on macOS fails to clone repository: error setting certificate verify locations: CAfile…
Summary
After updating gitlab-runner vom 15.4.0 to 15.5.0, repository cloning starts failing.
Steps to reproduce
Start any job with gitlab-runner 15.5.0 on macOS. Our kubernetes runners with 15.5.0 have no problems.
In our particular case it’s a self-hosted gitlab 15.5.0 with a valid certificate provided by cloudflare. The certificate is valid for any prior gitlab-runner version as well as for curl, Safari etc.
Actual behavior
Errors appear: Reinitialized existing Git repository in /Users/ci/builds/nQMt-qB3/0/app/app/.git/ fatal: unable to access 'https://gitlab.mycompany.net/app/app.git/': error setting certificate verify locations: CAfile: /Users/ci/builds/nQMt-qB3/0/app/app.tmp/CI_SERVER_TLS_CA_FILE CApath: none
Expected behavior
Cloning works.
Relevant logs and/or screenshots
job log
Running with gitlab-runner 15.5.0 (0d4137b8)
on CI MacMini M1 Augsburg nQMt-qB3
Preparing the "shell" executor
00:00
Using Shell executor...
Preparing environment
00:00
Running on CI-MacMini-M1-Augsburg...
Getting source from Git repository
00:00
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /Users/ci/builds/nQMt-qB3/0/app/app/.git/
fatal: unable to access 'https://gitlab.mycompany.net/app/app.git/': error setting certificate verify locations: CAfile: /Users/ci/builds/nQMt-qB3/0/app/app.tmp/CI_SERVER_TLS_CA_FILE CApath: noneEnvironment description
macOS 12.6.1
amd64 and arm64 platforms (3 runners in total)
config.toml contents
concurrent = 2
check_interval = 0
sentry_dsn = "https://censored"
[session_server]
session_timeout = 1800
[[runners]]
name = "CI MacMini M1 Augsburg"
url = "https://gitlab.mycompany.net/"
token = "censored"
executor = "shell"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]Used GitLab Runner version
Version: 15.5.0
Git revision: 0d4137b8
Git branch: 15-5-stable
GO version: go1.19.2
Built: 2022-10-20T22:46:35+00:00
OS/Arch: darwin/arm64Possible fixes
-
Fall back to gitlab-runner 15.4.0 or 15.3.0
-
Upgrade to 15.5.1 and add
FF_RESOLVE_FULL_TLS_CHAIN = falseto your config:
[[runners]]
name = "ruby-2.7-docker"
url = "https://CI/"
token = "TOKEN"
executor = "docker"
[runners.feature_flags]
FF_RESOLVE_FULL_TLS_CHAIN = falseEdited Nov 11, 2022 by Stan Hu