server certificate verification failed CAfile etc ssl certs ca-certificates crt CRLfile none

Question

I can push by clone project using ssh  but it doesn t work when I clone project with https   The error message that shows me is   server certificate verification failed  CAfile   etc ssl certs cacertificates crt CRLfile  none

User · Answer

GIT CURL VERBOSE 1 git  clone fetch       should tell you where the problem is   In my case it was due to cURL not supporting PEM certificates when built against NSS  due to that support not being mainline in NSS   726116  804215  402712 and more

User · Answer

I faced the problem with my Jenkins  When I have renewed the certificate I started facing this error  stderr fatal  unable to access server certificate verification failed  CAfile   etc ssl certs ca-certificates crt  So I have added my new certificate in the following file   etc ssl certs ca-certificates crt  The content of that file looks like this  -----BEGIN CERTIFICATE----- blahblha -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- blahblha -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- blahblha -----END CERTIFICATE-----  Just append your certificate in the bottom  -----BEGIN CERTIFICATE----- blahblha -----END CERTIFICATE-----

User · Answer

Had same problem  Caused by self issued certificate authority  Solved it by adding  pem file to  usr local share ca-certificates  and calling   sudo update-ca-certificates   PS  pem file in folder   share ca-certificates MUST have extension  crt

User · Answer

Have the certificate and bundle copied in one  crt file and make sure that there is a blank line between the certificates in the file   This worked for me on a GitLab server after trying everything on the Internet

User · Answer

Another cause of this problem might be that your clock might be off   Certificates are time sensitive   To check the current system time   date -R   You might consider installing NTP to automatically sync the system time with trusted internet timeservers from the global NTP pool  For example  to install on Debian Ubuntu   apt-get install ntp

User · Answer

If you are using a git server inside a private network and are using a self-signed certificate or a certificate over an IP address   you may also simply use the git global config to disable the ssl checks   git config --global http sslverify  false

User · Answer

What i did to solve this problem in the terminal Ubuntu 18 04    openssl s client -showcerts -servername www github com -connect www github com 443   I got two chunks of certificate chunks  And i copied the certificate chunks to my certificate file to  etc ssl certs ca-certificates crt

User · Answer

What worked for me when trying to git clone inside of a Dockerfile was to fetch the SSL certificate and add it to the local certificate list  openssl s client -showcerts -servername git mycompany com -connect git mycompany com 443  lt  dev null 2 gt  dev null   sed -n -e   BEGIN  CERTIFICATE   END  CERTIFICATE  p    gt  git-mycompany-com pem  cat git-mycompany-com pem   sudo tee -a  etc ssl certs ca-certificates crt  Credits  https   fabianlee org 2019 01 28 git-client-error-server-certificate-verification-failed

User · Answer

Check your system clock     date      If it s not correct the certificate check will fail  To correct the system clock     apt-get install ntp      The clock should synchronise itself   Finally enter the clone command again

User · Answer

The first thing you should check for is the file permission of  etc ssl and  etc ssl certs   I made the mistake of dropping file permissions  or blowing away the SSL rm -rf  etc ssl   directories  when using ssl-cert group name ID while working on my Certificate Authority Management Tool   It was then that I noticed the exact same error message for wget and curl CLI browser tools   server certificate verification failed  CAfile   etc ssl certs ca-certificates crt CRLfile  none   Once I brought the  etc ssl and  etc ssl cert directories  file permission up to o rx-w  those CLI browser tools started to breath a bit easier   mkdir -p  etc ssl certs chmod u rwx go rx  etc ssl  etc ssl certs   I also had to recreate Java subdirectory and reconstruct the Trusted CA certificate directories   mkdir  etc ssl certs java chmod u rwx go rx  etc ssl certs java update-ca-certificates   and the coast was clear

User · Answer

Eventually  add the http sslverify to your  git config    core      repositoryformatversion   0     filemode   true     bare   false     logallrefupdates   true  remote  origin       url   https   server user project git     fetch    refs heads   refs remotes origin    branch  master       remote   origin     merge   refs heads master  http          sslVerify   false

User · Answer

I installed Xubuntu on a Raspberry pi 2  found the same issue with time  as NTP and Automatic Server sync was off  or not installed    Get NTP  sudo apt-get install ntp   and change the  Time and Date  from  Manual  to  Keep synchronized with Internet Servers

User · Answer

TLDR   hostname XXX port 443 trust cert file location  curl-config --ca   sudo bash -c  echo -n   openssl s client -showcerts -connect  hostname  port -servername  hostname       2 gt  dev null    sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p          gt  gt   trust cert file location    Long answer  The basic reason is that your computer doesn t trust the certificate authority that signed the certificate used on the Gitlab server  This doesn t mean the certificate is suspicious  but it could be self-signed or signed by an institution company that isn t in the list of your OS s list of CAs  What you have to do to circumvent the problem on your computer is telling it to trust that certificate - if you don t have any reason to be suspicious about it   You need to check the web certificate used for your gitLab server  and add it to your  lt  git installation folder gt  bin curl-ca-bundle crt   To check if at least the clone works without checking said certificate  you can set   export GIT SSL NO VERIFY 1  or git config --global http sslverify false   But that would be for testing only  as illustrated in  SSL works with browser  wget  and curl  but fails with git   or in this blog post   Check your GitLab settings  a in issue 4272     To get that certificate  that you would need to add to your curl-ca-bundle crt file   type a   echo -n   openssl s client -showcerts -connect yourserver com YourHttpsGitlabPort     2 gt  dev null    sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p     with  yourserver com  being your GitLab server name  and YourHttpsGitlabPort is the https port  usually 443   To check the CA  Certificate Authority issuer   type a   echo -n   openssl s client -showcerts -connect yourserver com YourHttpsGilabPort     2 gt  dev null    sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p        openssl x509 -noout -text   grep  CA Issuers    head -1   Note  Valeriy Katkov suggests in the comments to add -servername option to the openssl command  otherwise the command isn t showed certificate for www github com in Valeriy s case    openssl s client -showcerts -servername www github com -connect www github com 443      Findekano adds in the comments      to identify the location of curl-ca-bundle crt  you could use the command    curl-config --ca     Also  see my more recent answer  github  server certificate verification failed   you might have to renistall those certificates   sudo apt-get install --reinstall ca-certificates sudo mkdir  usr local share ca-certificates cacert org sudo wget -P  usr local share ca-certificates cacert org http   www cacert org certs root crt http   www cacert org certs class3 crt sudo update-ca-certificates git config --global http sslCAinfo  etc ssl certs ca-certificates crt

User · Answer

I messed up with my CA files while I setup up goagent proxy  Can t pull data from github  and get the same warning      server certificate verification failed  CAfile   etc ssl certs ca-certificates crt CRLfile  none   use Vonc s method  get the certificate from github  and put it into  etc ssl certs ca-certificates crt  problem solved       echo -n   openssl s client -showcerts -connect github com 443 2  dev null    sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p

User · Answer

Note  This has major security implications    Open your terminal and run following command   export GIT SSL NO VERIFY 1   It works for me and I am using Linux system

User · Answer

I just encountered the very same problem with a git repository which always works for me  The problem was that I accessed it through public WiFi access  which redirects to a captive portal upon the first connection  for example to show ads and agree with tos

User · Answer

there is no need to set git ssl verification to set to false  It is caused when the system does not have the all CA authority certificates  Mostly people who have genuine SSL certificate missing the intermediate certificate    Just adding the complete text of intermediate certificate  whole chain of missing CA and intermediate certificate   to    sudo gedit  etc ssl certs ca-certificates crt    works without running the update-ca-certificates   Same goes for manually generated certificates  just add the CA certificate text   At the end   Push successful  Everything is up-to-date

User · Answer

Or simply run this comment to add the server Certificate to your database   echo   echo -n   openssl s client -showcerts -connect yourserver com YourHttpGilabPort 2 gt  dev null    sed -ne   -BEGIN CERTIFICATE-   -END CERTIFICATE- p    gt  gt   etc ssl certs ca-certificates crt   Then do git clone again

[certificate] server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Examples related to certificate

Examples related to ssl-certificate

Examples related to gitlab