我用的是windows电脑，这篇文章对我很有帮助。基本上我打开了ca-bundle。CRT在记事本和添加链证书在它(所有)。这个问题通常发生在公司网络中，我们在系统和git回购之间有中间人。我们需要导出证书链中除了base 64格式的leaf cert之外的所有证书，并将它们全部添加到ca-bundle中。然后为修改后的CRT文件配置git。

我是这样做的:

git init
git config --global http.sslVerify false
git clone https://myurl/myrepo.git

它为我工作，只需运行以下命令

git config --global http.sslVerify false

它将打开一个git凭据窗口，提供您的凭据。第一次只有它问

在.gitconfig文件中，您可以添加以下给定值，以使自签名证书可接受

sslCAInfo = /home/XXXX/abc.crt

你可以将GIT_SSL_NO_VERIFY设置为true:

GIT_SSL_NO_VERIFY=true git clone https://example.com/path/to/git

或者配置Git不验证命令行上的连接:

git -c http.sslVerify=false clone https://example.com/path/to/git

请注意，如果您不验证SSL/TLS证书，那么您很容易受到MitM攻击。

I'm not a huge fan of the [EDIT: original versions of the] existing answers, because disabling security checks should be a last resort, not the first solution offered. Even though you cannot trust self-signed certificates on first receipt without some additional method of verification, using the certificate for subsequent git operations at least makes life a lot harder for attacks which only occur after you have downloaded the certificate. In other words, if the certificate you downloaded is genuine, then you're good from that point onwards. In contrast, if you simply disable verification then you are wide open to any kind of man-in-the-middle attack at any point.

举一个具体的例子:著名的repo.or.cz存储库提供了一个自签名证书。我可以下载这个文件，把它放在/etc/ssl/certs这样的地方，然后做:

# Initial clone
GIT_SSL_CAINFO=/etc/ssl/certs/rorcz_root_cert.pem \
    git clone https://repo.or.cz/org-mode.git

# Ensure all future interactions with origin remote also work
cd org-mode
git config http.sslCAInfo /etc/ssl/certs/rorcz_root_cert.pem

注意，在这里使用本地git配置(即不使用——global)意味着这个自签名证书只对这个特定的存储库受信任，这很好。它也比使用GIT_SSL_CAPATH更好，因为它消除了git通过不同的证书颁发机构进行验证的风险，这种风险可能会受到损害。