Problem
When accessing a Git server (pushing or pulling new commits), we get an error:
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Analysis
The reason for this error message is, that the certificate of your Git server is not trusted.
Solution
Add the certificate to the list of trusted certificates. Follow this:
1. Retrieve the certificate
$ echo -n | openssl s_client -showcerts -connect YOUR_HOST:443
Replace YOUR_HOST with the hostname or IP of your Git server.
2. Copy the certificate between and including the following enclosing tags:
/-BEGIN CERTIFICATE-/ and /-END CERTIFICATE-/
3. Append the certificate to this file:
/etc/ssl/certs/ca-certificates.crt
This file can have other location. Determine it by running:
$ curl-config --ca
Or to automatize use this script:
#!/bin/sh
hostname=YOUR_HOST
port=443
trust_cert_file_location=`curl-config --ca`
sudo bash -c "echo -n | openssl s_client -showcerts -connect ${hostname}:${port} \
2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
>> ${trust_cert_file_location}"
Resources
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none