Having trouble with a CA signed SSL certificate - unable to get local issuer certificate

Hi,

I've found plenty of answers for how to fix this problem with a self-signed certificate, but I'm using a CA-signed certificate so I'm not entirely sure what's going wrong.

Running "git pull" from a Windows machine results in the error:

"fatal: unable to access 'https://<url>:7990/bitbucket/scm/proj/<repository>.git/': SSL certificate problem: unable to get local issuer certificate"

Connecting via SourceTree results in the same error.

The machine running the Bitbucket server is also running an Apache server using the same certificate. I can access both the Apache server and the Bitbucket server with Chrome, IE and Edge on Windows and with Chrome and Safari on MacOS, with no SSL errors.

Running the same "git pull" from MacOS works without any errors both from the command line and through SourceTree.

Extra information:

  • Bitbucket server version: 5.16.0 (5016000)
  • SourceTree version: 3.0.13
  • Git version: 2.18.0 (embedded version), 2.16.0 (system version)
  • I only managed to get the SSL certificate working on Friday, and it appeared to be working okay. First thing this morning (Monday) I tried to pull and got this error.

Any help would be very gratefully received!

Kind regards,

Charles

2 answers

1 accepted

3 votes
Answer accepted

So that I can mark this question as having an answer, I'm copying the workaround instructions here:

  • Re-install the command-line version of git from https://git-scm.com/download/win
  • In the installation, select "Use the native Windows Secure Channel library" rather than the default "Use the OpenSSL Library" option.
  • In SourceTree, Tools->Options->Git, select "System" as the Git Version rather than "Embedded".

Saved me from despairing. Thanks!

This saved hours, if not days, of finding a solution to this problem and I logged in specifically to upvote this answer! Thank you!

0 votes

Hello Charles and welcome to the Community!

Looks like you have your Bitbucket set up using SSL almost without issue, minus the Git and Sourcetree errors. The good news is it looks like a simple problem with the CA signed cert. There is a KB written just for this exact issue. The resolution within the KB is as follows:

There are several ways this issue has been resolved previously:

  1. Ensure the root cert is added to git.exe's certificate store as discussed here.
  2. Tell Git where to find the CA bundle by running:
       git config --system http.sslCAPath /absolute/path/to/git/certificates
     -- or copying the CA bundle to the /bin directory and adding the following to the gitconfig file:
       sslCAinfo = /bin/curl-ca-bundle.crt
  3. Reinstalling Git.
  4. Ensuring that the complete CA is present, including the root cert.

Source KB: SSL certificate problem: Unable to get local issuer certificate

If you’re still having issues with Git after following the above, please let us know and we’ll be happy to provide further help to get you up and running.

Regards,
Stephen Sifers

Hi Stephen,

Thanks for your reply - I've been away for a while so I apologise for the delay in getting back to you. I tried option 1 but noticed that the root certificate is already in the certificate store - it's signed by the GlobalSign Root CA.

The git config variables appear to be pointing to the correct ca-bundle.crt file too, it's not that.

I tried updating to the latest version of git, both the bundled version in SourceTree and the command line version, but that didn't help either.

Finally, I tried reinstalling the command-line git but switched from the "Use the OpenSSL Library" to the "Use the native Windows Secure Channel library", then switched SourceTree to use the system version rather than the bundled version and that has finally got it working.

Kind regards,

Charles
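
An added example, not part of the original thread or the Atlassian KB: a shell function that reads `git config --list` output and reports which of the settings discussed above (TLS backend, CA bundle file or directory) Git is configured to use. The function name `audit_git_tls` and the message wording are assumptions of this example; `http.sslBackend`, `http.sslCAInfo`, `http.sslCAPath` and `http.sslVerify` are Git's own config keys.

```shell
# Added example (not from the thread). Reads `git config --list` output on stdin
# and reports how Git is configured to validate the server certificate.
# audit_git_tls is a hypothetical helper name; the http.* keys are Git's own.
audit_git_tls() {
    backend="" cainfo="" capath="" verify="" rc=0
    # Later lines override earlier ones, matching Git's own precedence.
    while IFS= read -r line || [ -n "$line" ]; do
        key=$(printf '%s' "${line%%=*}" | tr 'A-Z' 'a-z')  # keys are case-insensitive
        val=${line#*=}
        case "$key" in
            http.sslbackend) backend=$val ;;
            http.sslcainfo)  cainfo=$val ;;
            http.sslcapath)  capath=$val ;;
            http.sslverify)  verify=$(printf '%s' "$val" | tr 'A-Z' 'a-z') ;;
        esac
    done
    # Turning verification off hides the error and removes the protection.
    case "$verify" in
        false|no|off|0)
            echo "FAIL http.sslVerify=$verify: certificate validation is disabled"
            rc=1 ;;
    esac
    case "$backend" in
        schannel)
            # The installer's "native Windows Secure Channel library" choice.
            echo "INFO http.sslBackend=schannel: trust comes from the Windows certificate store" ;;
        *)
            echo "INFO http.sslBackend=${backend:-unset}: checking CA bundle settings"
            if [ -z "$cainfo" ] && [ -z "$capath" ]; then
                echo "WARN neither http.sslCAInfo nor http.sslCAPath is set"
            fi
            if [ -n "$cainfo" ] && [ ! -r "$cainfo" ]; then
                echo "FAIL http.sslCAInfo=$cainfo is not a readable file"
                rc=1
            fi
            if [ -n "$capath" ] && [ ! -d "$capath" ]; then
                echo "FAIL http.sslCAPath=$capath is not a directory"
                rc=1
            fi ;;
    esac
    return "$rc"
}
# Usage (Git Bash or any POSIX shell): git config --list | audit_git_tls
```

The function only inspects global `http.*` keys; URL-scoped overrides such as `http.<url>.sslVerify` are not matched and need a separate look.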
