在Windows上使用64位版本的Git，只需将自签名CA证书添加到这些文件中:

C:\Program Files\Git\mingw64\ssl\certs\ ca-bundle.crt C:\Program Files\Git\mingw64\ssl\certs\ ca-bundle.trust.crt

如果它只是一个服务器自签名证书，请将其添加到

C:\Program Files\Git\mingw64\ssl\cert.pem

在.gitconfig文件中，您可以添加以下给定值，以使自签名证书可接受

sslCAInfo = /home/XXXX/abc.crt

设置http不是一个好的做法。sslVerify假。 相反，我们可以使用SSL证书。

因此，构建代理将使用https与SSL证书和PAT进行身份验证。

复制cer文件的内容，包括- begin -和-end——。

Git bash build agent => Git配置-global http。sslcainfo " C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt " 转到该文件并添加.cer内容。

因此，构建代理可以访问SSL证书

永久地接受特定的证书

http。sslCAPath或http.sslCAInfo。Adam Spiers的回答给出了一些很好的例子。这是这个问题最可靠的解决办法。

禁用单个git命令的TLS/SSL验证

尝试将-c与正确的配置变量传递给git，或使用Flow的答案:

git -c http.sslVerify=false clone https://example.com/path/to/git

禁用所有存储库的SSL验证

可以全局禁用ssl验证。强烈建议不要这样做，但为了完整起见，这里提到了:

git config --global http.sslVerify false # Do NOT do this!

git中有相当多的SSL配置选项。从git配置的手册页:

http.sslVerify
    Whether to verify the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_NO_VERIFY environment variable.

http.sslCAInfo
    File containing the certificates to verify the peer with when fetching or pushing
    over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.

http.sslCAPath
    Path containing files with the CA certificates to verify the peer with when
    fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CAPATH environment variable.

其他一些有用的SSL配置选项:

http.sslCert
    File containing the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CERT environment variable.

http.sslKey
    File containing the SSL private key when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_KEY environment variable.

http.sslCertPasswordProtected
    Enable git's password prompt for the SSL certificate. Otherwise OpenSSL will
    prompt the user, possibly many times, if the certificate or private key is encrypted.
    Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment variable.

它为我工作，只需运行以下命令

git config --global http.sslVerify false

它将打开一个git凭据窗口，提供您的凭据。第一次只有它问

在使用sslKey或sslCert使用一行程序时要小心，如Josh Peak的回答所示:

git clone -c http.sslCAPath="/path/to/selfCA" \
  -c http.sslCAInfo="/path/to/selfCA/self-signed-certificate.crt" \
  -c http.sslVerify=1 \
  -c http.sslCert="/path/to/privatekey/myprivatecert.pem" \
  -c http.sslCertPasswordProtected=0 \
https://mygit.server.com/projects/myproject.git myproject

只有Git 2.14.x/2.15(2015年Q3)能够正确地解释~username/mykey这样的路径(同时它仍然可以解释/path/to/privatekey这样的绝对路径)。

参见Junio C Hamano (gitster)提交的8d15496(2017年7月20日)。 资助人:查尔斯·贝利(hashpling)。 (由Junio C Hamano合并- gitster -在commit 17b1e1d, 2017年8月11日)

http.c: http.sslcert and http.sslkey are both pathnames Back when the modern http_options() codepath was created to parse various http.* options at 29508e1 ("Isolate shared HTTP request functionality", 2005-11-18, Git 0.99.9k), and then later was corrected for interation between the multiple configuration files in 7059cd9 ("http_init(): Fix config file parsing", 2009-03-09, Git 1.6.3-rc0), we parsed configuration variables like http.sslkey, http.sslcert as plain vanilla strings, because git_config_pathname() that understands "~[username]/" prefix did not exist. Later, we converted some of them (namely, http.sslCAPath and http.sslCAInfo) to use the function, and added variables like http.cookeyFile http.pinnedpubkey to use the function from the beginning. Because of that, these variables all understand "~[username]/" prefix. Make the remaining two variables, http.sslcert and http.sslkey, also aware of the convention, as they are both clearly pathnames to files.