
SourceTree, Stash and Windows: Unable to get local issuer certificate

Spencer Varney July 21, 2014

We have Stash installed on a Windows 2k8 R2 server, and for the most part everything is working nicely. We have an SSL certificate issued by our local on-premise Windows CA and a DNS entry set up so we can go to https://stash/ and it works quite nicely except in Firefox where it throws a warning (related?).

When using SourceTree we can paste the url in directly or navigate and choose a repository through the Globe icon button, but when we try to clone we get the following error:

fatal: unable to access https://user@url/scm/etc/etc.git: SSL certificate problem: unable to get local issuer certificate

I get the same error if I try it from the git bash as well. Based on this error, I've tried following various instructions on adding the SSL certificate to Git (also found on the website), including what is in the comments, to no avail. I have exported the cert through Firefox and through the mmc certificate snap-in, gotten the same results and put it in its own file, or combined with the curl file, and no matter what keep getting this error.

I also tried using ssh myserver and accepting the connection, and I entered my password and restarted, still the same error.

I do not want to simply ignore certificate validation either, since that seems a bit pointless, then. I have noticed, however, that I can simply try it over http (remove the trailing s) and surprisingly it works. I may end up just working that way - it seems pointless to have https if you can just bypass it.

I have tried various other solutions found on SO, but have made zero headway. How can I get this working with our CA-issued cert? Alternately, what do I need to do to get the SSH working?

Edit: I was speaking with a peer who mentioned that my cert may be missing the 'intermediate certificates', perhaps related to the issue I get with Firefox. I'm not sure what that means (I'm not great with certs), but I'm looking into that.

Edit 2: I got the SSH working, I was an idiot and forgot the ports. So if nothing else I can work with that for now. I hadn't spent much time on it though, since it isn't really my focus at the moment.

Edit 3: I noticed that I'm not yet authenticating to Active Directory via SSL (using Delegated LDAP Authentication). I'm still waiting on my Networking guys to get something working there - would this perhaps affect it?

3 answers

1 accepted

2 votes
Answer accepted
Spencer Varney July 21, 2014

After working with a peer who had been out until today, the revelation is that I had been using ONLY the certificate for the server itself. My [faulty] understanding of all the articles was that, similar to handling self-signed certs, you just tell Git to trust this cert. This is not the case for us.

Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust. I swear I tried that early last week when this all first started, but to my shame I must not have.

Let this be a warning for anyone else who finds themselves in my position!
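
Added example, not part of the original answer: a Git Bash / OpenSSL sketch of the difference the accepted answer describes, using a throwaway root CA and server certificate generated on the spot. The names `Demo Root CA`, the helper functions and the file paths are constructed for illustration; `http.sslCAInfo` is Git's setting for the CA file.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: a throwaway root CA and a server cert it signs.
make_demo_pki() {   # $1 = working directory
  local d="$1"
  # Self-signed root: stands in for the on-premise Windows CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Server key and CSR, then the server (leaf) cert signed by the root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=stash" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null
}

# True if cert $2 chains to a trust anchor in file $1.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# True if the cert's subject and issuer are the same name (a root CA).
# Use this on an exported file to see whether it is the root or the server cert.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

demo_dir=$(mktemp -d) || exit 1
make_demo_pki "$demo_dir" || exit 1

# Trusting only the server cert: its issuer is still unknown, so OpenSSL
# cannot complete the chain ("unable to get local issuer certificate").
if chain_ok "$demo_dir/server.pem" "$demo_dir/server.pem"; then
  echo "server cert as trust anchor: OK"
else
  echo "server cert as trust anchor: FAILS"
fi

# Trusting the root CA: the chain server -> root completes.
chain_ok "$demo_dir/root.pem" "$demo_dir/server.pem" && echo "root CA as trust anchor: OK"

# With the real exported root (placeholder path), Git is then pointed at it:
#   git config --global http.sslCAInfo /path/to/exported-root-ca.pem
# Appending the root to a copy of the existing CA bundle keeps public CAs trusted.
```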

0 votes
Spencer Varney July 21, 2014

Thanks - being in IT support really makes you appreciate people who do research and provide as much info as they can (within reason!).

0 votes
Seth
July 21, 2014

+1 for doing independent research.
