Issue
- We can not connect by https to out git server, it returns a
Peer certificate cannot be authenticated with known CA certificates
message
stderr: fatal: unable to access 'https://git.example.com/user/repo.git/': Peer certificate cannot be authenticated with known CA certificates
Environment
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller
- CloudBees Jenkins Enterprise - Managed controller
- CloudBees Jenkins Platform - Client controller
- CloudBees Jenkins Distribution
- Jenkins LTS
- Git plugin
Resolution
git uses curl to access the https servers so you need to import the certificate into the CA store of the system. The workaround is to define the environment variable GIT_SSL_NO_VERIFY=1 on your Agent environment variables.
to import the certificate on your system CA store the procedure depends on your OS:
debian/Ubuntu
openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /usr/local/share/ca-certificates/example_com.crt
sudo update-ca-certificates
Red Hat Enterprise Linux/Fedora/Centos
openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /etc/pki/ca-trust/source/example_com.crt
sudo update-ca-trust enable
sudo update-ca-trust extract
0 Comments