When I run something like:
git clone https://gitlab.mydoman.com/test.git
from part of the clients, I get the error:
Peer's Certificate issuer is not recognized
I saw 2 main solution:
1. User can set
export GIT_SSL_NO_VERIFY=true
2. to install root certificates
I would like to solve the problem to all the users.
I did not understood how to install the root certificate and where I configure Gitlab to use it. Is there url to clear instruction?
Thanks.
Related
I'm using Windows 10 using Git Bash.
My company's laptop uses Zscaler and I've trying to get nvs from this repository:
https://github.com/jasongin/nvs#nvs-node-version-switcher
export NVS_HOME="$HOME/.nvs"
git clone https://github.com/jasongin/nvs "$NVS_HOME"
. "$NVS_HOME/nvs.sh" install
The first issue I got was error 60:
cURL error 60: SSL certificate problem: unable to get local issuer certificate and send me to cURL documentation.
These errors are potentially caused by Zscaler. I went to this website: https://help.zscaler.com/zia/adding-custom-certificate-application-specific-trusted-store and added the CA following this:
Exporting Zscaler root certificate
You will need to export the Zscaler root certificate to be able to add it to application custom trust store. To do this with Chrome follow the steps below. Different browsers will have different ways of doing this, google as required.
Settings
Privacy and Security
Manage Certificates
Trusted Root Certification Authorities
Select Zscaler Root CA
Export using the Wizard (DER .cer format)
I converted from .cer to .pem
Then added the cacert certification:
echo "cacert=<Path to Certificate>/ZscalerRootCA.pem" >> $HOME/.curlrc
After doing that, the new error I got is this:
curl: (77) error setting certificate verify locations: CAfile: /c/Users/xxx/CAZscaller/rootAM.pem CApath: none
Failed to download node binary.
If anyone has any idea on how can I fix this and finally get access to nvs I really appreciated. (Please note I'm not using PHP).
I used JGIT to clone a repo from bitbucket using HTTPS method which worked fine.
But I am trying to do is do a git pull from command Line from the cloned repo. When this is done i am getting fatal: unable to access 'https://cedt-icg-bitbucket.********.git/': SSL certificate problem: self signed certificate in certificate chain
I don't want to use the suggested git -c http.sslVerify=false to solve as its not safe as its a private repo.
Any suggestions? please
FYI my certificate is trusted by GeoTrust SSL CA.
I do the following command :
npm adduser --registry https://npm.****.fr and the error thrown is UNABLE_TO_VERIFY_LEAF_SIGNATURE.
I did a lot of test to fix it.
I try with curl and fix the issue by adding my website CRT on system (/usr/share/ca-certificates/extra/***.crt then dpkg-reconfigure ca-certificates). The same error occured on NPM.
I try to specify option ca, cafile, cert, nothing change.
If I provide the option strictssl=false, it works but I don't really like this option...
Any ideas ?
I had a similar issue, following command did the trick:
npm config set strict-ssl false
export NODE_TLS_REJECT_UNAUTHORIZED=0
I fix it by adding the CA certificate to my server.
Indeed it's the CA certificate missing, not the website certificate. But it is strange that GeoTrust SSL CA is not provide with apt-get install ca-certificates.
When I try to checkout from a local Github then I get a SSL certificate error "fatal: unable to access ... SSL certificate problem: unable to get local issuer certificate". However the server's certificate is known to Webstorm (9.0.0). I also checked the "automatically accept certificates" box.
How can I analyze / fix this issue?
By now I found out that this is not a Webstorm issue at all. Git did not want to checkout from the commandline either. I followed the solution from here. Once Git was able to clone Webstorm was also able to clone. Obviously this is because Webstorm reuses the git configuration.
Is it possible to use pip with a requirements file to install from a Mercurial repository which needs to be accessed using --insecure in order to work.
The repository is accessed via SSL, and due to pip ignoring Server Name Indication (SNI), a valid SSL certificate is not being honoured (it uses the main certificate for the IP address). --insecure gets round this issue
ie:
hg clone https://username#domain.org/username/app_name --insecure
So where you can usually do something like this:
pip install -e hg+https://username#domain.org/username/app_name#egg=app_name
or have the following in a pip requirements file:
hg+https://username#domain.org/username/app_name#egg=app_name
Neither of these work due to the SSL SNI issue.
Does anyone have any good suggestions?
Why don't you try to use [hostfingerprints] in your ~/.hgrc?
For example:
[hostfingerprints]
example.com = 38:76:52:7c:87:26:9a:8f:4a:f8:d3:de:08:45:3b:ea:d6:4b:ee:cc
To obtain the self-signed certificate, follow the steps suggested in https://www.mercurial-scm.org/wiki/CACertificates
The root CA certificate for a server can for example be retrieved with
Firefox. Browse to https://example.com/repo and verify that this is the
repository you trust, click the lock symbol in the lower right corner,
View Certificate, Details, select the certificate at the top of the
Certificate Hierarchy, Export, "X.509 Certificate (PEM)" and save
somewhere for example as server.pem. With other browsers on Windows
you have to view the certificate at the top of the Certification Path
and "Copy to File" as "Base-64 encoded X.509 (.CER)". Several such
files can be concatenated into one cacerts file.