Using git internally to access an external git repository? Behind a corporate proxy that has an self signed CA cert? Is git complaining about ‘SSL certificate problem: unable to get local issuer certificate’? Here ya go.
- Get the self-signed cert in a base 64 encoded file.
- git config http.sslCAInfo “path/to/that/file.cer”
You will hear a lot about setting
http.sslVerifyto false. Please don’t do this. If you leave the environment having the self-signed cert then git will not be verifying any TLS/SSL traffic, opening you up to man in the middle attacks.
You need to get the self-signed certificate in a base 64 encoded file. There are a couple ways to do this depending on your situation.
This may be typical for corporate environments. Easy to tell, if git complains about self-signed cert but your Chrome or Edge browser doesn’t complain then it’s likely the cert is already on your computer.
Where above may need to be modified to find the appropriate cert in your cert store.
git config http.sslCAInfo "path-to-file-above.cer"
I must thank Philip Kelly for posting an article on this exact situation back in 2014. I also want to say thank you to Alejandro Campos Magencio for the post on getting the certificate chain. I put those two together with the exporting of the certifcate to a file to produce this post.