Issue
- We can not connect by https to out git server, it returns a
Peer certificate cannot be authenticated with known CA certificatesmessage
stderr: fatal: unable to access 'https://git.example.com/user/repo.git/': Peer certificate cannot be authenticated with known CA certificates
Environment
- CloudBees Core on modern cloud platforms - Managed Master
- CloudBees Core on traditional platforms - Client Master
- CloudBees Jenkins Enterprise - Managed Master
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Distribution
- Jenkins LTS
- Git plugin
Resolution
git uses curl to access the https servers so you need to import the certificate into the CA store of the system. The workaround is to define the environment variable GIT_SSL_NO_VERIFY=1 on your Agent environment variables.
to import the certificate on your system CA store the procedure depends on your OS:
debian/Ubuntu
openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /usr/local/share/ca-certificates/example_com.crt
sudo update-ca-certificates
Red Hat Enterprise Linux/Fedora/Centos
openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /etc/pki/ca-trust/source/example_com.crt
sudo update-ca-trust enable
sudo update-ca-trust extract
0 Comments