Problem
When pushing new commits to Git, we get an error:
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Analysis
The reason for this error message is, that the certificate of your Git server is not trusted.
Solution
Add the certificate to the list of trusted certificates. Follow this:
1. Retrieve the certificate
$ echo -n | openssl s_client -showcerts -connect YOUR_HOST:443
2. Copy the parts between:
/-BEGIN CERTIFICATE-/ and /-END CERTIFICATE-/
3. Append the certificate to this file:
/etc/ssl/certs/ca-certificates.crt
This file can have other location. Determine it by running:
$ curl-config --ca
Or to automatize use this script:
#!/bin/sh hostname=XXX port=443 trust_cert_file_location=`curl-config --ca` sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port \ 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \ >> $trust_cert_file_location"
Resources
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none