3

I currently have a situation where I need a (self generated) RootCA.crt configured for our internal private gitlab installation.

At the same time we still need "normal" access to github.com.

Therefore I need both CA settings working at the same time.

My `git config --global --edit` looks like this:

```
[user]
        name = my name
        email = my email
[core]
        autocrlf = false
        excludesfile = C:\\Users\\<user>\\Documents\\gitignore_global.txt
[filter "lfs"]
        clean = git-lfs clean -- %f
        smudge = git-lfs smudge -- %f
        process = git-lfs filter-process
        required = true
[mergetool "sourcetree"]
        cmd = 'C:/Program Files/KDiff3/kdiff3.exe' \"$BASE\" \"$LOCAL\" \"$REMOTE\" -o \"$MERGED\"
        trustExitCode = true
[winUpdater]
        recentlySeenVersion = 2.17.0.windows.1
[credential]
        helper = store
[http "https://our.gitlab.server*"]
        sslVerify = true
        sslCAInfo = C:/ssl/RootCA.crt
        sslCAPath = C:/ssl
[http "https://github.com*"]
        sslCAInfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
        sslCAPath = C:/Program Files/Git/mingw64/ssl/certs
        sslVerify = true
```

So as you can see I configured the two http entries, one for our local server and one for github. (like shown in the documentation)

If I am just setting one at a time like

```
[http]
     sslCAInfo = C:/ssl/RootCA.crt
     sslCAPath = C:/ssl/
     sslVerify  = true
```

the according repos work fine.

But in the moment using the upper config it is always showing nothing:

```
$ git config --get-all http.sslCAInfo
(nothing)
```

How can I get both configurations using different CA certs according to the repositories URL to work properly?

derHugo
  • I have not fussed with any of the CA-cert stuff in Git but I can note here, as a quick comment, that `--get-all http.sslCAInfo` looks for `http.sslCAInfo` and not `http..sslCAInfo`. You can use `--get-regexp` to search using regular expressions (where this is `http\..*\.sslCAInfo`). – torek Apr 19 '18 at 15:17
  • Yeah the problem in general with that `http..sslCAInfo` seems to be that git simply doesn't recognize it as the place where to look for the CAs ... – derHugo Apr 20 '18 at 06:41

1 Answer

1

As a kind of workaround I opened the default C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt and my C:/ssl/RootCA.crt in a text editor and appended the content of the default CA-cert bundle to mine so it now contains all certs.

Anyway I hoped there would be an easier way to do it because now with every git update I have to make sure the CA-certs which I copied from the default are still valid. And if not, everyone using our internal git has to replace his cert file again.

derHugo
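The workaround from the answer above, scripted so the combined file can be rebuilt after each Git update instead of edited by hand (an added example, not part of the original post; the function names are hypothetical, and the paths in the usage comment are the ones from the question):

```shell
#!/bin/sh
# Added example: rebuild one CA bundle from several PEM files.
# Function names are hypothetical; nothing here is Git's own tooling.

# merge_ca_bundles OUT SRC...
# Writes every distinct PEM certificate block from the SRC files to OUT, once.
merge_ca_bundles() {
    out=$1; shift
    for src in "$@"; do
        # Stop if a source is missing or contains no certificate at all,
        # so a bad path never produces a silently smaller trust store.
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$src" 2>/dev/null; then
            echo "merge_ca_bundles: no PEM certificate in $src" >&2
            return 1
        fi
    done
    tmp="$out.tmp.$$"
    # awk reads the files one at a time, so a file without a final newline
    # cannot glue its END line onto the next file's BEGIN line (the usual
    # way a hand-concatenated bundle gets corrupted).
    awk '
        { sub(/\r$/, "") }                                  # CRLF -> LF
        /^-----BEGIN CERTIFICATE-----/ { inblk = 1; blk = "" }
        inblk { blk = blk $0 "\n" }
        /^-----END CERTIFICATE-----/ {
            if (inblk && !(blk in seen)) { seen[blk] = 1; printf "%s", blk }
            inblk = 0
        }
    ' "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out"        # replace the old bundle only after a full write
}

# count_certs FILE -> number of certificate blocks in FILE
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Usage from Git Bash, with the paths given in the question
# (C:/ssl/combined.crt is an assumed output name):
#   merge_ca_bundles "C:/ssl/combined.crt" "C:/ssl/RootCA.crt" \
#       "C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt"
#   count_certs "C:/ssl/combined.crt"
```

Point the plain `[http]` `sslCAInfo` setting, which the question reports as working, at the merged file, and rerun the merge after each Git update so the copied default certificates do not go stale.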