It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How does Sourcetree check the certificate chain of a remote https intranet bitbucket server?

Jira and Bitbucket Server are intranet https servers. Their certificates are signed with a company root certificate. The company root certificate is imported in Firefox and in the different keystores of Jira and Bitbucket Server.

The access over firefox and the application link between Jira and Bitbucket Server works.

Configuring Sourcetree to use the intranet https Bitbucket Server fails due to a certificate validation error.

How does Sourcetree check the certificate chain of a remote https intranet bitbucket server? Are there logs? How does it check the root certificate?

1 answer

0 votes
Andy Heinzer Atlassian Team Apr 20, 2018

Jira and Confluence store the certificate in their Java trust stores.   Since those programs run on Java this works for them.  However Sourcetree is not using Java as a base environment.  Because of this there are different methods for storing SSL certificates for Sourcetree.   I would recommend walking through Resolving SSL Self-Signed Certificate Errors.

This KB explains the details of how to do this the Mac version to store this to the keychain.  And in the bottom of that KB, it also explains how on Windows environments you can use the Certificate Manager to make sure that your host operating system has the needed certificates.   Even if your system is not using self-signed certs, if the operating system does not have the root certificate, you might need to follow these same steps in order to make sure that an SSL connection can be established between Sourcetree and your bitbucket server.

Cloning a repository from the remote https intranet bitbucket server with Sourcetree (Windows) works. So there is no problem with git. Adding an account of the remote project archive of the remote https intranet bitbucket server fails.

How does Sourcetree (Windows) check the certificate chain of a remote https intranet bitbucket server if you try to add an account of the remote project archive of the remote https intranet bitbucket server?

 I would recommend walking through Resolving SSL Self-Signed Certificate Errors.

@Andy Heinzer, I did this and it works now when I clone a repository via the terminal opened in a different repository, available in Sourcetree. 

The strange thing is, that if I want to clone it via the Sourcetree GUI, I still get 

SSL certificate problem: self signed certificate in certificate chain

Where else need the new certificate added to, to make it work via the GUI.

I do use embedded git, located in  %USERPROFILE%\AppData\Local\Atlassian\SourceTree\git_local

my global .gitconfig in %USERPROFILE% includes:

[http]
sslCAInfo = ~/AppData/Local/Atlassian/SourceTree/git_local/usr/ssl/newcertificate.pem

Do I need to configure 

%USERPROFILE%\AppData\Local\Atlassian\SourceTree\git_local\mingw32\etc\gitconfig

as described in https://community.atlassian.com/t5/Sourcetree-questions/How-to-set-global-git-config/qaq-p/239006 as well?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Sourcetree

Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability has been published today in regards to Sourcetree for Windows.  The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a st...

4,955 views 0 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you