How to import a CA cert to use with git https connections?

Article ID:115000611111

Issue

  • We cannot connect over HTTPS to our Git server; it returns a "Peer certificate cannot be authenticated with known CA certificates" message:

stderr: fatal: unable to access 'https://git.example.com/user/repo.git/': Peer certificate cannot be authenticated with known CA certificates

Environment

Resolution

Git uses curl to access HTTPS servers, so you need to import the server's certificate into the system CA store.

The steps to import the certificate into your system CA store vary depending on your OS:

Debian/Ubuntu

    openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > example_com.crt
    sudo cp example_com.crt /usr/local/share/ca-certificates/example_com.crt
    sudo update-ca-certificates

Red Hat Enterprise Linux/Fedora/CentOS

    openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > example_com.crt
    # Plain PEM certificates belong in the anchors/ subdirectory of the trust source
    sudo cp example_com.crt /etc/pki/ca-trust/source/anchors/example_com.crt
    sudo update-ca-trust enable
    sudo update-ca-trust extract
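
The openssl s_client fetch above runs over the same connection that is not yet trusted, so the saved file should be compared with a fingerprint obtained from the server's administrator before it is imported. The following is an added example, not part of the original article, that gates the Debian/Ubuntu import on that comparison; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print the SHA-256 fingerprint of the first certificate in a PEM file
# as lowercase hex without colons; prints nothing if the file does not parse.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeed only when the file parses as a certificate and its fingerprint equals
# the expected value ($2). Colons, spaces and letter case in $2 are ignored.
cert_matches_pin() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(cert_sha256 "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Debian/Ubuntu import from the steps above, refused unless the pin matches
# and the certificate has not already expired.
import_if_pinned() {
    if ! cert_matches_pin "$1" "$2"; then
        echo "refusing to import $1: fingerprint does not match the expected value" >&2
        return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "refusing to import $1: certificate has expired" >&2
        return 1
    fi
    sudo cp "$1" "/usr/local/share/ca-certificates/$(basename "$1")" &&
        sudo update-ca-certificates
}

# Usage, with the fingerprint supplied by the server's administrator:
#   import_if_pinned example_com.crt "<expected SHA-256 fingerprint>"
```

On Red Hat Enterprise Linux/Fedora/CentOS the same check applies; only the copy destination and the update command differ.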

Workaround

The workaround is to set the environment variable GIT_SSL_NO_VERIFY=1 in your Agent environment variables. Be aware that this disables certificate verification for Git's HTTPS connections, so it is unsafe, insecure, and not recommended. Please only use the workaround if no other options are available.

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.