我是这样做的:

git init
git config --global http.sslVerify false
git clone https://myurl/myrepo.git

I'm not a huge fan of the [EDIT: original versions of the] existing answers, because disabling security checks should be a last resort, not the first solution offered. Even though you cannot trust self-signed certificates on first receipt without some additional method of verification, using the certificate for subsequent git operations at least makes life a lot harder for attacks which only occur after you have downloaded the certificate. In other words, if the certificate you downloaded is genuine, then you're good from that point onwards. In contrast, if you simply disable verification then you are wide open to any kind of man-in-the-middle attack at any point.

举一个具体的例子:著名的repo.or.cz存储库提供了一个自签名证书。我可以下载这个文件，把它放在/etc/ssl/certs这样的地方，然后做:

# Initial clone
GIT_SSL_CAINFO=/etc/ssl/certs/rorcz_root_cert.pem \
    git clone https://repo.or.cz/org-mode.git

# Ensure all future interactions with origin remote also work
cd org-mode
git config http.sslCAInfo /etc/ssl/certs/rorcz_root_cert.pem

注意，在这里使用本地git配置(即不使用——global)意味着这个自签名证书只对这个特定的存储库受信任，这很好。它也比使用GIT_SSL_CAPATH更好，因为它消除了git通过不同的证书颁发机构进行验证的风险，这种风险可能会受到损害。

我经常遇到这个问题，所以写了一个脚本从服务器下载自签名证书并将其安装到~/。然后更新git-config以指向这些证书。它存储在全局配置中，因此每个远程只需要运行一次。

https://github.com/iwonbigbro/tools/blob/master/bin/git-remote-install-cert.sh

我是这样做的:

git init
git config --global http.sslVerify false
git clone https://myurl/myrepo.git

在Windows上，这对我来说很管用:

将自签名证书的内容添加到ca-bundle文件的末尾。包括-----BEGIN CERTIFICATE-----和-----END CERTIFICATE-----行

ca-bundle文件的位置通常是C:\Program Files\Git\mingw64\ssl\certs

然后，将ca-bundle文件的路径添加到全局git配置中。下面的命令可以做到这一点:git config——global http。sslCAInfo "C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt"

注意:路径依赖于ca-bundle文件的本地路径!

关于http。sslCAPath选项:如果在包含证书文件的目录上执行了OpenSSL c_rehash命令，git将只检测指定目录路径下的证书文件。c_rehash命令将为每个证书创建符号链接，其中链接的名称为哈希值。例如:

$ cd /path/to/ssl/cert/directory

$ ls -al

  total 16
  drwxr-xr-x  3 user  staff    96 Oct 20 13:47 .
  drwxr-xr-x  4 user  staff   128 Oct 20 13:46 ..
  -rw-r--r--  1 user  staff  4832 Oct 20 13:47 google.pem

$ /usr/local/opt/openssl@1.1/bin/c_rehash ./

  Doing ./

$ ls -al

  total 16
  drwxr-xr-x  4 user  staff   128 Oct 20 13:58 .
  drwxr-xr-x  4 user  staff   128 Oct 20 13:46 ..
  lrwxr-xr-x  1 user  staff    10 Oct 20 13:58 f6dbf7a7.0 -> google.pem
  -rw-r--r--  1 user  staff  4832 Oct 20 13:47 google.pem

注意，c_rehash命令创建了以下符号链接:f6dbf7a7.0 -> google.pem。

您还可以用下面的命令代替c_rehash实用程序，不过请注意，下面的命令只处理*。Pem文件，而c_rehash实用程序将处理.pem， .crt， .cer或.crl文件:

for file in *.pem; do ln -s $file `openssl x509 -hash -noout -in $file`.0; done

如果您现在配置http。将sslCAPath导入到包含上述符号链接的目录，git将获取证书文件:

# contents of /etc/gitconfig
[http]
        sslCAPath = /path/to/ssl/cert/directory/

也可以配置http。sslCAPath使用一个环境变量:

export GIT_SSL_CAPATH=/path/to/ssl/cert/directory/