Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,968
Community Members
 
Community Events
168
Community Groups

How does Sourcetree check the certificate chain of a remote https intranet bitbucket server?

Jira and Bitbucket Server are intranet https servers. Their certificates are signed with a company root certificate. The company root certificate is imported in Firefox and in the different keystores of Jira and Bitbucket Server.

The access over firefox and the application link between Jira and Bitbucket Server works.

Configuring Sourcetree to use the intranet https Bitbucket Server fails due to a certificate validation error.

How does Sourcetree check the certificate chain of a remote https intranet bitbucket server? Are there logs? How does it check the root certificate?

1 answer

0 votes
Andy Heinzer Atlassian Team Apr 20, 2018

Jira and Confluence store the certificate in their Java trust stores.   Since those programs run on Java this works for them.  However Sourcetree is not using Java as a base environment.  Because of this there are different methods for storing SSL certificates for Sourcetree.   I would recommend walking through Resolving SSL Self-Signed Certificate Errors.

This KB explains the details of how to do this the Mac version to store this to the keychain.  And in the bottom of that KB, it also explains how on Windows environments you can use the Certificate Manager to make sure that your host operating system has the needed certificates.   Even if your system is not using self-signed certs, if the operating system does not have the root certificate, you might need to follow these same steps in order to make sure that an SSL connection can be established between Sourcetree and your bitbucket server.

Cloning a repository from the remote https intranet bitbucket server with Sourcetree (Windows) works. So there is no problem with git. Adding an account of the remote project archive of the remote https intranet bitbucket server fails.

How does Sourcetree (Windows) check the certificate chain of a remote https intranet bitbucket server if you try to add an account of the remote project archive of the remote https intranet bitbucket server?

 I would recommend walking through Resolving SSL Self-Signed Certificate Errors.

@Andy Heinzer, I did this and it works now when I clone a repository via the terminal opened in a different repository, available in Sourcetree. 

The strange thing is, that if I want to clone it via the Sourcetree GUI, I still get 

SSL certificate problem: self signed certificate in certificate chain

Where else need the new certificate added to, to make it work via the GUI.

I do use embedded git, located in  %USERPROFILE%\AppData\Local\Atlassian\SourceTree\git_local

my global .gitconfig in %USERPROFILE% includes:

[http]
sslCAInfo = ~/AppData/Local/Atlassian/SourceTree/git_local/usr/ssl/newcertificate.pem

Do I need to configure 

%USERPROFILE%\AppData\Local\Atlassian\SourceTree\git_local\mingw32\etc\gitconfig

as described in https://community.atlassian.com/t5/Sourcetree-questions/How-to-set-global-git-config/qaq-p/239006 as well?

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events