Bitbucket Support

Knowledge base

Products

Jira Software

Project and issue tracking

Jira Service Management

Service management and customer support

Jira Core

Manage any business project

Confluence

Bitbucket

Git code management

Resources

Documentation

Usage and admin help

Community

Answers, support, and inspiration

Suggestions and bugs

Feature suggestions and bug reports

Marketplace

Billing and licensing

Frequently asked questions

Viewport

Confluence

SSL certificate problem: Unable to get local issuer certificate

Related content

Still need help?

The Atlassian Community is here for you.

Platform Notice: Server and Data Center Only — This article only applies to Atlassian products on the server and data center platforms .

Problem

The following is seen on the command line when pushing or pulling:

SSL Certificate problem: unable to get local issuer

Cause

This error occurs when a self-signed certificate cannot be verified.

Workaround

Tell git to not perform the validation of the certificate using the global option:

git config —global http.sslVerify false

Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily

There are several ways this issue has been resolved previously. Below we suggest a possible resolution that should be run on the client side:

A. Ensure the root cert is added to git.exe’s certificate store.

B. Tell Git where to find the CA bundle by running:

Проблема с SSL при клонировании хранилища

В в git version 2.5.0.windows.1 пытаюсь клонировать хранилище:

Cloning into ‘project-core’.
fatal: unable to access ‘https://gitlab1645.mydomen.com:8888/project/project-core.git/’: SSL certificate problem: unable to get local issuer certificate

Как это победить?

2 ответа 2

Есть несколько вариантов:

Использовать SSH при работе с git

Отключить проверку ssl сертификата при клонировании

Отключить проверку ssl сертификата глобально

Если сертификат самоподписанный — найти инструкцию по добавлению самоподписанного сертификата в доверенные.

Еще вот вариант

git config —global http.sslbackend schannel

Вот в оригинале, SSL отключать плохой вариант.

The problem is that git by default using the «Linux» crypto backend.

Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. This means that you it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx

git config —global http.sslbackend schannel That should helps.

Using schannel is by now the standard setting when installing git for windows, also it is recommended to not checkout repositories by SSH anmore if possible, as https is easier to configure and less likely to be blocked by a firewall it means less chance of failure.

SSL certificate issue unable to get local issuer certificate

I’m trying to post data to a payment gateway API. It required post data in xml format. I have the following code:

Output of var_dump($content); is empty » .

Output of var_dump(curl_getinfo($ch)); .

array (size=26)
‘url’ => string ‘https://api.given.bypg’
‘content_type’ => null
‘http_code’ => int 0
‘header_size’ => int 0
‘request_size’ => int 0
‘filetime’ => int -1
‘ssl_verify_result’ => int 1
‘redirect_count’ => int 0
‘total_time’ => float 0.488533
‘namelookup_time’ => float 0.028558
‘connect_time’ => float 0.256858
‘pretransfer_time’ => float 0
‘size_upload’ => float 0
‘size_download’ => float 0
‘speed_download’ => float 0
‘speed_upload’ => float 0
‘download_content_length’ => float -1
‘upload_content_length’ => float -1
‘starttransfer_time’ => float 0
‘redirect_time’ => float 0
‘redirect_url’ => string » (length=0)
‘primary_ip’ => string ‘91.227.244.57’ (length=13)
‘certinfo’ =>
array (size=0)
empty
‘primary_port’ => int 8444
‘local_ip’ => string ‘192.168.100.64’ (length=14)
‘local_port’ => int 53456

Ouput of var_dump(curl_errno($ch)); : int 60

Output of var_dump(curl_error($ch)); :

string ‘SSL certificate problem: unable to get local issuer certificate’ (length=63) It seems like the API is returning no data as seen on curl_getinfo(). Please help me, I have seen almost every solution suggested in communities.

SourceTree and Stash: Unable to get local issuer certificate

We have Atlassian Stash installed on a Windows 2008R2 server, and for the most part everything is working nicely. We have an SSL certificate issued by our local on-premise CA and a DNS entry set up so we can go to https://stash/ and it works quite nicely, except in Firefox where it throws a warning (related?).

When using Atlassian’s Sourcetree we can navigate and choose a repository, but when we try to clone it we get the following error:

fatal: unable to access https://user@url/scm/etc/etc.git : SSL certificate problem: unable to get local issuer certificate

I get the same error if I try if from the git bash as well. Based on this error, I’ve tried following the instructions on adding the SSL certificate to the Git as also found on their website, including what is in the comments, to no avail. I have exported the cert through Firefox and through the MMC certificate snap-in, gotten the same results and put it in its own file, combined with the curl file, and no matter what keep getting this error. I have yet to try getting it to work with SSH keys yet since I was hoping to make this easier for my team.

I also tried using ssh myserver and accepting the connection, and I entered my password and restarted; still the same error.

I do not want to simply ignore certificate validation either, since that seems a bit pointless, then.

How can I get this working with our CA-issued cert?

‘SSL certificate problem: unable to get local issuer certificate’ when trying to clone repos #3684

Comments

azumukupoe commented Dec 26, 2017

Description

[Cannot clone repositories]

Version

GitHub Desktop version: [1.0.11]

OS version: [Microsoft Windows [Version 10.0.17063.1000]]

Steps to Reproduce

1. [Clone a Repository]
2. [Choose a repository]
3. [and so on]

Expected behavior: [Repository cloned]

Actual behavior: [Cloning into ‘path’.
fatal: unable to access ‘url’: SSL certificate problem: unable to get local issuer certificate]

Reproduces how often: [100%]

Additional Information

The text was updated successfully, but these errors were encountered:

shiftkey commented Dec 26, 2017

@azumukupoe could you share your Git configuration value by opening a command line and running this command?

azumukupoe commented Dec 26, 2017 •

file:»C:\ProgramData/Git/config» core.symlinks=true
file:»C:\ProgramData/Git/config» core.autocrlf=true
file:»C:\ProgramData/Git/config» core.fscache=true
file:»C:\ProgramData/Git/config» color.diff=auto
file:»C:\ProgramData/Git/config» color.status=auto
file:»C:\ProgramData/Git/config» color.branch=auto
file:»C:\ProgramData/Git/config» color.interactive=true
file:»C:\ProgramData/Git/config» help.format=html
file:»C:\ProgramData/Git/config» rebase.autosquash=true
file:»C:\Program Files\Git\mingw64/etc/gitconfig» http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
file:»C:\Program Files\Git\mingw64/etc/gitconfig» http.sslbackend=schannel
file:»C:\Program Files\Git\mingw64/etc/gitconfig» diff.astextplain.textconv=astextplain
file:»C:\Program Files\Git\mingw64/etc/gitconfig» filter.lfs.clean=git-lfs clean — %f
file:»C:\Program Files\Git\mingw64/etc/gitconfig» filter.lfs.smudge=git-lfs smudge — %f
file:»C:\Program Files\Git\mingw64/etc/gitconfig» filter.lfs.process=git-lfs filter-process
file:»C:\Program Files\Git\mingw64/etc/gitconfig» filter.lfs.required=true
file:»C:\Program Files\Git\mingw64/etc/gitconfig» credential.helper=manager
file:»C:\Program Files\Git\mingw64/etc/gitconfig» core.editor=nano.exe
file:C:/Users/azumu/.gitconfig filter.lfs.required=true
file:C:/Users/azumu/.gitconfig filter.lfs.clean=git-lfs clean — %f
file:C:/Users/azumu/.gitconfig filter.lfs.smudge=git-lfs smudge — %f
file:C:/Users/azumu/.gitconfig filter.lfs.process=git-lfs filter-process
file:C:/Users/azumu/.gitconfig user.name=azumukupoe
file:C:/Users/azumu/.gitconfig user.email=azumukupoe1999@gmail.com
file:C:/Users/azumu/.gitconfig winupdater.recentlyseenversion=2.15.1.windows.2
file:C:/Users/azumu/.gitconfig http.sslbackend=openssl

shiftkey commented Dec 26, 2017

I think I know what’s going on, but I haven’t had a chance to test this out.

Your Git for Windows has a system Git configuration with these values:

GitHub Desktop won’t see these values, as it has it’s own system configuration file with http.sslbackend=schannel set. This means it’ll use the Windows Certificate Store to validate server certificates.

/.gitconfig you’ve set http.sslbackend back to the classic openssl . GitHub Desktop will use these values, but without also setting http.sslcainfo it’s going to fail on all clones — because no backing store is found for Desktop.

So you have two options:

• if you don’t need to set http.sslbackend=openssl globally, removing that value should make Desktop work
• if you need http.sslbackend=openssl set globally, you should also set http.sslcainfo so that GitHub Desktop has a backing store of certificates to validate

Let me know if you have any other questions!