2

I'm running the same command on 2 different servers. One works, the other doesn't.

I'm running git clone https://blah.com:8443/blah.git

On server A, it works fine. I get the objects, files, etc. no problems.

On server B, I get the following message.

git clone https://blah.com:8443/blah.git
Cloning into 'blah'...
error: Peer certificate cannot be authenticated with known CA certificates while accessing https://blah.com:8443/blah.git/info/refs?service=git-upload-pack
fatal: HTTP request failed

Does anyone know what this means or what I need to do to get this to work? Thanks in advance for any help you can give me.

Classified
  • 5,759
  • 18
  • 68
  • 99
  • 2
    Is server B using a self-signed certificate? – cjc343 Oct 31 '13 at 21:53
  • @cjc343, i'm sorry but i'm not sure. i didn't set up the machines. how can i tell/check? and actually, server A is my laptop. server B is a real server. server B is running centos. the laptop is running OSX. – Classified Oct 31 '13 at 22:03
  • 1
    Chances are it is. Per the second method (ignoring certs) you can run `git config http.sslVerify false` in the problematic repo, test if it works, and if it does, I would recommend you then follow the steps in the answer covering properly trusting the cert, including finishing with `git config http.sslVerify true` or `git config --unset http.sslVerify` to close the security hole that disabling verification opens. – cjc343 Oct 31 '13 at 22:09
  • 1
    @cjc343 holy moly, thx. the 2nd method worked...sort of. it didn't work with the `git config http.sslVerify true` but it worked with `export GIT_SSL_NO_VERIFY=true`, which it alluded to. thx for your help, and the warning. I'll look at the first method later. my brain is fried now =) thx again for un-frying my brain. – Classified Oct 31 '13 at 22:56

1 Answers1

3

Here is a question covering trusting a self-signed certificate. This is the proper way to fix the issue assuming you are using a self-signed cert.

This question covers ignoring a certificate, however, depending on which method you use, this could result in ignoring all certificates, which would make communicating with your git server insecure, and is therefore a quick solution, but not a good solution. If you take this route, I would recommend at least using the per-repository setting (git config http.sslVerify false) instead of applying it more broadly in order to minimize the severe negative impact of this method.

Community
  • 1
  • 1
cjc343
  • 3,735
  • 1
  • 29
  • 34