使用Git,是否有一种方法告诉它接受自签名证书?
我使用https服务器托管git服务器,但目前证书是自签名的。
当我第一次尝试在那里创建回购时:
git push origin master -f
我得到了错误:
error: Cannot access URL
https://the server/git.aspx/PocketReferences/, return code 22
fatal: git-http-push failed
使用Git,是否有一种方法告诉它接受自签名证书?
我使用https服务器托管git服务器,但目前证书是自签名的。
当我第一次尝试在那里创建回购时:
git push origin master -f
我得到了错误:
error: Cannot access URL
https://the server/git.aspx/PocketReferences/, return code 22
fatal: git-http-push failed
当前回答
永久地接受特定的证书
http。sslCAPath或http.sslCAInfo。Adam Spiers的回答给出了一些很好的例子。这是这个问题最可靠的解决办法。
禁用单个git命令的TLS/SSL验证
尝试将-c与正确的配置变量传递给git,或使用Flow的答案:
git -c http.sslVerify=false clone https://example.com/path/to/git
禁用所有存储库的SSL验证
可以全局禁用ssl验证。强烈建议不要这样做,但为了完整起见,这里提到了:
git config --global http.sslVerify false # Do NOT do this!
git中有相当多的SSL配置选项。从git配置的手册页:
http.sslVerify
Whether to verify the SSL certificate when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_NO_VERIFY environment variable.
http.sslCAInfo
File containing the certificates to verify the peer with when fetching or pushing
over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.
http.sslCAPath
Path containing files with the CA certificates to verify the peer with when
fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_CAPATH environment variable.
其他一些有用的SSL配置选项:
http.sslCert
File containing the SSL certificate when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_CERT environment variable.
http.sslKey
File containing the SSL private key when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_KEY environment variable.
http.sslCertPasswordProtected
Enable git's password prompt for the SSL certificate. Otherwise OpenSSL will
prompt the user, possibly many times, if the certificate or private key is encrypted.
Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment variable.
其他回答
我的回答可能晚了,但对我有用。它可能会帮助某些人。
我尝试了上面提到的步骤,但没有解决问题。
试试这个git配置——global http。sslVerify假
我用的是windows电脑,这篇文章对我很有帮助。基本上我打开了ca-bundle。CRT在记事本和添加链证书在它(所有)。这个问题通常发生在公司网络中,我们在系统和git回购之间有中间人。我们需要导出证书链中除了base 64格式的leaf cert之外的所有证书,并将它们全部添加到ca-bundle中。然后为修改后的CRT文件配置git。
以下答案摘自迈克尔·考夫曼(Michael Kauffman)撰写的文章。
使用带有公司SSL证书的Git for Windows
问题:
如果你有一个公司SSL证书,想要从控制台或VSCode克隆你的repo,你会得到以下错误:
致命:无法访问“https://myserver/tfs/DefaultCollection/_git/Proj/”:SSL证书问题:无法获得本地颁发者证书
解决方案:
将根自签名证书导出到文件中。您可以在浏览器中完成此操作。 定位“ca-bundle”。crt”文件(当前版本C:\Program Files\Git\usr\ssl\certs,但在过去已更改)。将文件复制到您的用户配置文件。用文本编辑器(如VSCode)打开它,并将导出的证书的内容添加到文件的末尾。
现在我们必须配置git来使用新文件:
Git配置——global http。sslCAInfo C: /用户/ < yourname > / ca-bundle.crt
这将把以下条目添加到用户配置文件根目录下的.gitconfig文件中。
(http) sslCAInfo = C:/Users/<yourname>/ bat .crt
在Windows上,这对我来说很管用:
将自签名证书的内容添加到ca-bundle文件的末尾。包括-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----行
ca-bundle文件的位置通常是C:\Program Files\Git\mingw64\ssl\certs
然后,将ca-bundle文件的路径添加到全局git配置中。下面的命令可以做到这一点:git config——global http。sslCAInfo "C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt"
注意:路径依赖于ca-bundle文件的本地路径!
永久地接受特定的证书
http。sslCAPath或http.sslCAInfo。Adam Spiers的回答给出了一些很好的例子。这是这个问题最可靠的解决办法。
禁用单个git命令的TLS/SSL验证
尝试将-c与正确的配置变量传递给git,或使用Flow的答案:
git -c http.sslVerify=false clone https://example.com/path/to/git
禁用所有存储库的SSL验证
可以全局禁用ssl验证。强烈建议不要这样做,但为了完整起见,这里提到了:
git config --global http.sslVerify false # Do NOT do this!
git中有相当多的SSL配置选项。从git配置的手册页:
http.sslVerify
Whether to verify the SSL certificate when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_NO_VERIFY environment variable.
http.sslCAInfo
File containing the certificates to verify the peer with when fetching or pushing
over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.
http.sslCAPath
Path containing files with the CA certificates to verify the peer with when
fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_CAPATH environment variable.
其他一些有用的SSL配置选项:
http.sslCert
File containing the SSL certificate when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_CERT environment variable.
http.sslKey
File containing the SSL private key when fetching or pushing over HTTPS.
Can be overridden by the GIT_SSL_KEY environment variable.
http.sslCertPasswordProtected
Enable git's password prompt for the SSL certificate. Otherwise OpenSSL will
prompt the user, possibly many times, if the certificate or private key is encrypted.
Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment variable.