Having trouble with a CA signed SSL certificate - unable to get local issuer certificate

charles_blessing January 21, 2019

Hi,

I've found plenty of answers for how to fix this problem with a self-signed certificate, but I'm using a CA-signed certificate so I'm not entirely sure what's going wrong.

Running "git pull" from a windows machine results in the error:

"fatal: unable to access 'https://<url>:7990/bitbucket/scm/proj/<repository>.git/': SSL certificate problem: unable to get local issuer certificate"

Connecting via SourceTree results in the same error.

The machine running the bitbucket server is also running an apache server using the same certificate. I can access both the apache server and the bitbucket server with Chrome, IE and Edge on Windows and with Chrome and Safari on MacOS, with no SSL errors.

Running the same "git pull" from MacOS works without any errors both from the command line and through SourceTree.

Extra information:

  • Bitbucket server version: 5.16.0 (5016000)
  • SourceTree version: 3.0.13
  • Git version: 2.18.0 (embedded version), 2.16.0 (system version)
  • I only managed to get the SSL certificate working on Friday, and it appeared to be working okay. First thing this morning (Monday) I tried to pull and got this error.

Any help would be very gratefully received!

Kind regards,

Charles

2 answers

1 accepted

4 votes
Answer accepted
charles_blessing February 13, 2019

So that I can mark this question as having an answer, I'm copying the workaround instructions here:

  • Re-install the command-line version of git from https://git-scm.com/download/win
  • In the installation, select "Use the native Windows Secure Channel library" rather than the default "Use the OpenSLL Library" option.
  • In SourceTree, Tools->Options->Git, select "System" as the Git Version rather than "Embedded".
Gunther Zander February 11, 2022

Saved me from despairing. Thanks!

Maksim Osipenko September 1, 2022

This saved hours, if not days, of finding a solution to this problem and I logged in specifically to upvote this answer! Thank you!

0 votes
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 24, 2019

Hello Charles and welcome to the Community!

Looks like you have your Bitbucket setup using SSL almost without issue, minus the GIT and Sourcetree errors. The good news is it looks like a simple problem with the CA signed cert. There is a KB written just for this exact issue. The resolution within the KB is as follows:

There are several ways this issue has been resolved previously:

  1. Ensure the root cert is added to git.exe's certificate store as discussed here.
  2. Tell Git where to find the CA bundle by running:
  3. git config --system http.sslCAPath /absolute/path/to/git/certificates
    -- or copying the CA bundle to the /bin directory and adding the following to the gitconfigfile:
  1. sslCAinfo = /bin/curl-ca-bundle.crt
  2. Reinstalling Git.

  3. Ensuring that the complete CA is present, including the root cert.

Source KB: SSL certificate problem: Unable to get local issuer certificate

If you’re still having issues with GIT after following the above, please let us know and we’ll be happy to provide further help to get you up and running.

Regards,
Stephen Sifers

charles_blessing February 7, 2019

Hi Stephen,

Thanks for your reply - I've been away for a while so I apologise for the delay in getting back to you.  I tried option 1 but noticed that the root certificate is already in the certificate store - it's signed by the GlobalSign Root CA.

The git config variables appear to be pointing to the correct ca-bundle.crt file too, it's not that.

I tried updating to the latest version of git, both the bundled version in SourceTree and the command line version, but that didn't help either.

Finally, I tried reinstalling the command-line git but switched from the "Use the OpenSLL Library" to the "Use the native Windows Secure Channel library", then switched SourceTree to use the system version rather than the bundles version and that has finally got it working.

Kind regards,

Charles

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events