Question
I can push by clone project using ssh, but it doesn’t work when I clone project with https. it shows message error as below.
servercertificateverificationfailed.CAfile:/etc/ssl/certs/ca-certificates.crtCRLfile:noneI can clone the project with SSH, but it doesn’t work when I clone the project with HTTPS. It shows a message error
servercertificateverificationfailed.CAfile:/etc/ssl/certs/ca-certificates.crtCRLfile:noneMethod 1:(Best Method)
You need to check the web certificate used for your gitLab server, and add it to your </git_intallation_folder>/bin/curl-ca-bundle.crt.
To check if at least the clone works without checking said certificate, you can set:
exportGIT_SSL_NO_VERIFY=1#orgitconfig--globalhttp.sslverifyBut that would be for testing only, as illustrated in “SSL works with browser, wget, and curl, but fails with git”, or in this blog post.
Check your GitLab settings, a in issue 4272.
To get that certificate (that you would need to ad to your curl-ca-bundle.crt file), type a:
echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'To check the CA (Certificate Authority issuer), type a:
echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'|opensslx509-noout-text|grep"CAIssuers"|head-1Findekano adds in the comments:
to identify the location of
curl-ca-bundle.crt, you could use the command
curl-config--caYou need to check your gitlab certificate for the web server and add it to your & lt/ git_ intallation_ folder>/ bin/curl-ca-bundle.crt。
To check whether at least the cloned works do not have a check certificate, you can set:
exportGIT_SSL_NO_VERIFY=1#orgitconfig--globalhttp.sslverifyHowever, it will only be used for testing, as shown in the figure “SSL with browser, WGet, curl, but not git”, or in this blog
Check your gitlab settings in question 4272
Get a certificate (you need to create a curl CA bundle. CRT file for your advertisement), type A:
echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'Check Ca, type A:
echo-n|openssls_client-showcerts-connectyourGitLabServer:YourHttpGilabPort2>/dev/null|sed-ne'/-BEGINCERTIFICATE-/,/-ENDCERTIFICATE-/p'|opensslx509-noout-text|grep"CAIssuers"|head-1Findekano added in comments:
Locate the location
curl CA bundle. CRT, you can use the command
curl-config--caMethod 2:
Open your terminal and run following command:
exportGIT_SSL_NO_VERIFY=1It works for me and I am using Linux system.
Open a terminal and run the following command.
exportGIT_SSL_NO_VERIFY=1My work, I use Linux system
Method 3:
Another cause of this problem might be that your clock might be off. Certificates are time sensitive.
Another reason for this problem may be that your clock may be off. Certificates are sensitive to time
Method 4:
GIT_CURL_VERBOSE=1git[clone|fetch]…should tell you where the problem is. In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS (#726116 #804215 #402712 and more).
GIT_CURL_VERBOSE=1git[clone|fetch]…You should be told where the problem is. In my case, this is because the curl does not support PEM certificates when relying on NSS, because the support is not mainline in NSS (# 726116 # 804215 # 402712 and more)