Problem

When pushing new commits to Git, we get an error:

Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Analysis

The reason for this error message is, that the certificate of your Git server is not trusted.

Solution

Add the certificate to the list of trusted certificates. Follow this:



1. Retrieve the certificate

$ echo -n | openssl s_client -showcerts -connect YOUR_HOST:443

2. Copy the parts between:

/-BEGIN CERTIFICATE-/ and  /-END CERTIFICATE-/

3. Append the certificate to this file:

/etc/ssl/certs/ca-certificates.crt

This file can have other location. Determine it by running:

$ curl-config --ca

Or to automatize use this script:

#!/bin/sh
hostname=XXX
port=443
trust_cert_file_location=`curl-config --ca`

sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port \
 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
 >> $trust_cert_file_location"

Resources

  1. https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c
Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *