4 Methods to Solve Error: Server certificate verification failed. CAfile: /e

Question

I can push by clone project using ssh, but it doesn’t work when I clone project with https. it shows message error as below.

servercertificateverificationfailed.CAfile:/etc/ssl/certs/ca-certificates.crtCRLfile:none

I can clone the project with SSH, but it doesn’t work when I clone the project with HTTPS. It shows a message error

servercertificateverificationfailed.CAfile:/etc/ssl/certs/ca-certificates.crtCRLfile:none

Method 1:(Best Method)

You need to check the web certificate used for your gitLab server, and add it to your </git_intallation_folder>/bin/curl-ca-bundle.crt.

To check if at least the clone works without checking said certificate, you can set:

exportGIT_SSL_NO_VERIFY=1#orgitconfig--globalhttp.sslverify

But that would be for testing only, as illustrated in “SSL works with browser, wget, and curl, but fails with git”, or in this blog post.

Check your GitLab settings, a in issue 4272.

To get that certificate (that you would need to ad to your curl-ca-bundle.crt file), type a:

echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'

To check the CA (Certificate Authority issuer), type a:

echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'|opensslx509-noout-text|grep"CAIssuers"|head-1

Findekano adds in the comments:

to identify the location of curl-ca-bundle.crt, you could use the command

curl-config--ca

You need to check your gitlab certificate for the web server and add it to your & lt/ git_ intallation_ folder>/ bin/curl-ca-bundle.crt

To check whether at least the cloned works do not have a check certificate, you can set:

exportGIT_SSL_NO_VERIFY=1#orgitconfig--globalhttp.sslverify

However, it will only be used for testing, as shown in the figure “SSL with browser, WGet, curl, but not git”, or in this blog

Check your gitlab settings in question 4272

Get a certificate (you need to create a curl CA bundle. CRT file for your advertisement), type A:

echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'

Check Ca, type A:

echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'|opensslx509-noout-text|grep"CAIssuers"|head-1

Findekano added in comments:

Locate the location curl CA bundle. CRT , you can use the command

curl-config--ca

Method 2:

Open your terminal and run following command:

exportGIT_SSL_NO_VERIFY=1

It works for me and I am using Linux system.

Open a terminal and run the following command.

exportGIT_SSL_NO_VERIFY=1

My work, I use Linux system

Method 3:

Another cause of this problem might be that your clock might be off. Certificates are time sensitive.

Another reason for this problem may be that your clock may be off. Certificates are sensitive to time

Method 4:

GIT_CURL_VERBOSE=1git[clone|fetch]…

should tell you where the problem is. In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS (#726116 #804215 #402712 and more).

GIT_CURL_VERBOSE=1git[clone|fetch]…

You should be told where the problem is. In my case, this is because the curl does not support PEM certificates when relying on NSS, because the support is not mainline in NSS (# 726116 # 804215 # 402712 and more)

 

Similar Posts: