Problem

When accessing a Git server (pushing or pulling new commits), we get an error:

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Analysis

Apparently, the certificate of your Git server is not trusted.

Solution

Add the server's certificate to the list of trusted certificates by following these steps:



1. Retrieve the certificate

$ echo -n | openssl s_client -showcerts -connect YOUR_HOST:443

Replace YOUR_HOST with the hostname or IP of your Git server.

2. Copy the certificate from the output, including the enclosing marker lines:

-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

3. Append the certificate to the file:

/etc/ssl/certs/ca-certificates.crt

The file may be in a different location on your system. Determine the location of the ca-certificates.crt file by running:

$ curl-config --ca

To automate these steps, create the script shown below. Do not forget to replace YOUR_HOST with the hostname or IP of your Git server in the script.

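#!/bin/sh
# Append every certificate the server presents to the trusted CA bundle.
hostname=YOUR_HOST
port=443
# Path of the CA bundle that libcurl was built to use
trust_cert_file_location=$(curl-config --ca)

# Stop if curl-config printed no path; the redirect below would have no target
[ -n "${trust_cert_file_location}" ] || { echo "CA bundle path not found" >&2; exit 1; }

sudo bash -c "echo -n | openssl s_client -showcerts -connect ${hostname}:${port} \
 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
 >> ${trust_cert_file_location}"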

As a prerequisite you might need to install the libcurl4-openssl-dev package:

$ sudo apt-get install libcurl4-openssl-dev
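
The steps above trust whatever certificate the connection returns, so it is worth comparing its SHA-256 fingerprint with one obtained from the server administrator before appending it. The script below is an added example, not part of the original post, that emits the server's own certificate only when that fingerprint matches; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# Print only the first PEM block (the server's own certificate) from
# `openssl s_client -showcerts` output read on stdin.
first_pem_block() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Normalise a fingerprint: drop any "label=" prefix, colons and spaces,
# and uppercase the hex digits.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both fingerprints are non-empty and equal once normalised.
fp_matches() {
    fp_a=$(normalize_fp "$1")
    fp_b=$(normalize_fp "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Usage: pin_git_cert HOST EXPECTED_SHA256_FINGERPRINT [PORT]
# Prints the verified certificate on stdout; prints nothing on mismatch.
pin_git_cert() {
    host=$1 expected=$2 port=${3:-443}
    pem=$(openssl s_client -showcerts -connect "${host}:${port}" \
            </dev/null 2>/dev/null | first_pem_block)
    [ -n "$pem" ] || { echo "no certificate received from $host" >&2; return 1; }
    actual=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256)
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch, got: $(normalize_fp "$actual")" >&2
        return 1
    fi
    printf '%s\n' "$pem"
}

# Runs only when arguments are given, for example:
#   sh pin-cert.sh YOUR_HOST 'EXPECTED_FINGERPRINT' | sudo tee -a "$(curl-config --ca)"
if [ "$#" -ge 2 ]; then pin_git_cert "$@"; fi
```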

Resources

  1. https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c
