On Thu, 14 Jan 2016 02:17:07 -0800 (PST)
Bison Ravi <tcapa...@gmail.com> wrote:

> I have setup Git/GitLab on Debian 7.7
> I have configured GitLab for SSL.
> Now i am trying to connect to my Git project with GitGUI for Windows
> and i receive the following error: 
> fatal: unable to access 
> 'https://git.corp.group.local/bravi/project_test2.git/': SSL
> certificate problem: self signed certificate

I bet this error comes from the client-side Git instance, so your steps
(1) and (2) have no sense as the server has nothing to do with it.

> I have read a couple of posts about that issue and tried this command:
>    1. git config --system http.sslCAPath /etc/gitlab/ssl. The path
> above contains the Self-Signed certificate i have created for use
> with Gitlab. 
>    2. I also copied the crt file to ca-certifcates and ran the below 
>    command to add the CA as Trusted on the Git server
>  cp /etc/gitlab/ssl/remcorpgit01.corp.remarkgroup.local.crt 
> /usr/share/ca-certificates/
>  dpkg-reconfigure ca-certificates
>       3. I have installed the certificate on my local machine
> (Windows client)  in the Trusted Root Certificate store

This step is logically correct; unfortunately, it won't help: Git uses
libCURL for implementation of HTTP[S] transport, and that one is built
(assuming you're using Git for Windows as you tell us exactly zero
information about your client setup) to use a Windows port of the
OpenSSL library to provide SSL/TLS support.  OpenSSL knows nothing
about Windows certificate storage and uses a special plain-text file or
a directory to look up its certificates (both client and CA).

>From there, you can explore two venues:

* Run your Git client while having GIT_TRACE=1 and GIT_CURL_VERBOSE=1
  in the environment, like this:

    C:\> set GIT_TRACE=1
    C:\> set GIT_CURL_VERBOSE=1
    C:\> git fetch https://...

  This will make your Git client extra-chatty about what's going on.
  libCURL parts should print out what resources were used to look for

* Run `git help config` and read up on the http.ssl* group of settings
  (just search for the string "http.ssl" in the manual page).
  Some of them control places Git forces on libCURL/OpenSSL to use for
  certificate lookups.

You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to