How to import a ca cert to use with git https connections?

Issue

  • We can not connect by https to out git server, it returns a Peer certificate cannot be authenticated with known CA certificates message
stderr: fatal: unable to access 'https://git.example.com/user/repo.git/': Peer certificate cannot be authenticated with known CA certificates

Environment

  • CloudBees Jenkins Enterprise - Managed Master (CJEMM)
  • CloudBees Jenkins Team (CJT)
  • CloudBees Jenkins Platform - Client Master (CJPCM)
  • DEV@cloud (D@C)
  • Git plugin

Resolution

git uses curl to access the https servers so you need to import the certificate into the CA store of the system. The workaround is to define the environment variable GIT_SSL_NO_VERIFY=1 on your Agent environment variables.
to import the certificate on your system CA store the procedure depends on your OS:

## debian/Ubuntu

openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /usr/local/share/ca-certificates/example_com.crt
sudo update-ca-certificates

update-ca-certificates

Red Hat Enterprise Linux/Fedora/Centos

openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > example_com.crt
sudo cp example_com.crt /etc/pki/ca-trust/source/example_com.crt
sudo update-ca-trust enable
sudo update-ca-trust extract

update-ca-trust

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.