How do I resolve error msg … SSL certificate problem: self signed certificate in certificate chain

John_Devron March 18, 2022

When I try to clone a repository using Sourcetree I get an error msg like this ...

Error: fatal: unable to access 'https://www.xyz.com:8443/scm/auvv/auv.git/':

SSL certificate problem: self signed certificate in certificate chain

Sourcetree error.png

I found the following command online but I’m not sure if it is applicable to the above error msg, or how to implement it …

git -c http.sslVerify=false clone <repository-name>

I tried pasting that into a DOS command line prompt without success.  Not sure how to open the BASH shell.   Instructions how to open the BASH could be useful.

Isn't there a way to use HTTPS only without SSH, or is that dependent on how the repository server is configured?

 

1 answer

0 votes
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 18, 2022

Hi John, welcome to the Community!

It looks like you're connecting to the repository with HTTPS (no SSH involved), but the server is using a self-signed certificate.

Rather than disabling certificate validation entirely, I would recommend adding the self-signed certificate to the trust store on your machine. This is a little complicated on Windows. You'll first need to get a copy of the certificate, and there are a few options:

  • If the administrator is known, ask them for a copy of the public certificate in .pem format
  • You could use the openssl command to fetch it, e.g.
    openssl s_client -connect www.xyz.com:8443/scm/
    and then save the lines starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----
  • Using Firefox, you could browse to the site and use the Export option in Options -> Advanced -> Certificates -> View Certificates -> Servers

Once you have the certificate in its own .pem file, use this command (in the same directory) to add it to git:

git config --global http.sslCAInfo saved-cert.pem

Restart Sourcetree, and it should no longer complain about that particular server.

Cheers,
Daniel  


(p.s. you did use the right command to disable certificate validation in git, you just need to add the --system or --global flag to get that to push through to Sourcetree)

John_Devron March 18, 2022

Thanks for the helpful advice Daniel.

 

I'm having difficulty tracking down the system administrator. So I'm trying your 2nd and 3rd suggestions.

How do I apply this command ?    openssl s_client -connect www.xyz.com:8443/scm/

I assume it would be through a BASH shell, but don't know how to get that started. Do you have a suggestion?

 

When you say "browse to the site and use the Export option" I assume you are referring to the Bitbucket server site. Is that correct? If so, then where are the menu "Options"?

 

Thank You!

John

vinodh kumar subbareddy September 4, 2023

Hey John_Devron,

Did you get this issue fixed. I got the same issue and I'm looking for fix. 

Please help if this issue got fixed for you

Thank You

Vinodh

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events