I am using Git on Windows. I installed the msysGit package. My test repository has a self signed certificate at the server. I can access and use the repository using HTTP without problems. Moving to HTTPS gives the error:
SSL Certificate problem: unable to get local issuer certificate.
I have the self signed certificate installed in the Trusted Root Certification Authorities of my Windows 7 – client machine. I can browse to the HTTPS repository URL in Internet Explorer with no error messages.
This blog post by Philip Kelley explained that cURL does not use the client machine’s certificate store. I followed the blog post’s advice to create a private copy of curl-ca-bundle.crt and configure Git to use it. I am sure Git is using my copy. If I rename the copy; Git complains the file is missing.
I pasted in my certificate, as mentioned in the blog post, I still get the message “unable to get local issuer certificate”.
I verified that Git was still working by cloning a GitHub Repository via HTTPS.
The only thing I see that’s different to the blog post is that my certificate is the root – there is no chain to reach it. My certificate originally came from clicking the IIS8 IIS Manager link ‘Create Self Signed Certificate’. Maybe that makes a certificate different in some way to what cURL expects.
How can I get Git/cURL to accept the self signed certificate?
26 s
The problem is that git by default using the “Linux” crypto backend.
Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx
Just execute:
git config --global http.sslbackend schannel
That should help.
Using schannel is by now the standard setting when installing git for Windows, also it is recommended to not checkout repositories by SSH anmore if possible, as https is easier to configure and less likely to be blocked by a firewall it means less chance of failure.
