I am running Gitblit on a Windows Server and am trying to push data to a repository from another machine on the network. I have used a SSL certificate (not self signed, but I think signed by my company? Not really sure how that works but Chrome, IE, etc. see it is identity verified).
The server that runs Gitblit is named
git.exe push --progress "https://itscm:8234/git/TestRepo.git" master
fatal: unable to access 'https://itscm:8234/git/TestRepo.git/': SSL certificate problem: self signed certificate in certificate chain
Git for Windows has its own trust store of trusted certificates which is normally located in the file
C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt; configured by the key
C:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crt; configured by the key
Disabling checking of certificates (e.g., by setting
git config http.sslVerify false) is not a good idea and might be extremely dangerous (as all security checks are disabled and MitM attacks are easily possible - depending where this is set it applies for all new https connections).
In order to add a certificate (may it be a self-signed one or another root certificate) to this trust store in order to automatically trust it, you have to perform the following steps:
Now you have several options
git config --global http.sslCAinfo "[yourfilename]"in a cli shell in order to only use this certificate as the trust store.
git config --global http.sslCAinfo "[yourfilename]"in a cli shell in order to use this new trust store.
type [yourfilename] >> [path-to-git-trust-store-crt-file]in a cli shell running with administrative rights) OR using notepad (make a copy of the ca-bundle.crt file on desktop, append the content of the downlaoded .crt file and then copy it back). Disadvantage: changes might get overwritten on git update
Done. Now, this certificate is in the trust store of Git for Windows.