Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,457,751
Community Members
 
Community Events
176
Community Groups

How do I resolve error msg … SSL certificate problem: self signed certificate in certificate chain

When I try to clone a repository using Sourcetree I get an error msg like this ...

Error: fatal: unable to access 'https://www.xyz.com:8443/scm/auvv/auv.git/':

SSL certificate problem: self signed certificate in certificate chain

Sourcetree error.png

I found the following command online but I’m not sure if it is applicable to the above error msg, or how to implement it …

git -c http.sslVerify=false clone <repository-name>

I tried pasting that into a DOS command line prompt without success.  Not sure how to open the BASH shell.   Instructions how to open the BASH could be useful.

Isn't there a way to use HTTPS only without SSH, or is that dependent on how the repository server is configured?

 

1 answer

0 votes
Daniel Eads Atlassian Team Mar 18, 2022

Hi John, welcome to the Community!

It looks like you're connecting to the repository with HTTPS (no SSH involved), but the server is using a self-signed certificate.

Rather than disabling certificate validation entirely, I would recommend adding the self-signed certificate to the trust store on your machine. This is a little complicated on Windows. You'll first need to get a copy of the certificate, and there are a few options:

  • If the administrator is known, ask them for a copy of the public certificate in .pem format
  • You could use the openssl command to fetch it, e.g.
    openssl s_client -connect www.xyz.com:8443/scm/
    and then save the lines starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----
  • Using Firefox, you could browse to the site and use the Export option in Options -> Advanced -> Certificates -> View Certificates -> Servers

Once you have the certificate in its own .pem file, use this command (in the same directory) to add it to git:

git config --global http.sslCAInfo saved-cert.pem

Restart Sourcetree, and it should no longer complain about that particular server.

Cheers,
Daniel  


(p.s. you did use the right command to disable certificate validation in git, you just need to add the --system or --global flag to get that to push through to Sourcetree)

Thanks for the helpful advice Daniel.

 

I'm having difficulty tracking down the system administrator. So I'm trying your 2nd and 3rd suggestions.

How do I apply this command ?    openssl s_client -connect www.xyz.com:8443/scm/

I assume it would be through a BASH shell, but don't know how to get that started. Do you have a suggestion?

 

When you say "browse to the site and use the Export option" I assume you are referring to the Bitbucket server site. Is that correct? If so, then where are the menu "Options"?

 

Thank You!

John

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events