I use a DoD CaC card on a contract job to authenticate to our bitbucket via the browser. I am running into an issue on my work Mac that does not allow me to pull/push changes while not onsite. I am able to visit this repo via the browser with a selected certificate on/off site. This is not an issue for a colleague of mine with windows.
Error:
fatal: unable to access ’https://user@privatebitbucket.com/repo.git/':
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
I have taken the certificate from my keychain and able to export as a .cer. I am unable to export it as a .p12.
Using .cer I get the error
fatal: unable to access
'https://xxx': error setting certificate verify locations:
CAfile: /Users/user/.ssh/cert.cer
CApath: none
I attempted to convert the .cer to a .pem using the following
openssl x509 -inform pem -in cert.cer -outform der -out certid.pem
[http "https://privatebitbucket.com/"]
sslCAInfo = /Users/username/.ssh/certid.pem
This cert usually requires a pin to be entered into the browser so I am not sure if I need to configure that anywhere or if I am converting these properly.
The current SSL version is:
openssl version -a
LibreSSL 2.2.7
built on: date not available
platform: information not available
options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx)
compiler: information not available
OPENSSLDIR: “/private/etc/ssl”
Thank you for your help
Edit:
Attempted from my personal computer with this version of openssl. The issue still persists.
OpenSSL 1.0.2o 27 Mar 2018
built on: reproducible build, date unspecified
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: /usr/bin/clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/opt/local/etc/openssl"
Thank you in advance,
