Problem

When accessing a Git server (pushing or pulling new commits), we get an error:

Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Analysis

The reason for this error message is, that the certificate of your Git server is not trusted.

Solution

Add the certificate to the list of trusted certificates. Follow this:



1. Retrieve the certificate

$ echo -n | openssl s_client -showcerts -connect YOUR_HOST:443

Replace YOUR_HOST with the hostname or IP of your Git server.

2. Copy the certificate between and including the following enclosing tags:

/-BEGIN CERTIFICATE-/ and  /-END CERTIFICATE-/

3. Append the certificate to this file:

/etc/ssl/certs/ca-certificates.crt

This file can have other location. Determine it by running:

$ curl-config --ca

Or to automatize use this script:

#!/bin/sh
hostname=YOUR_HOST
port=443
trust_cert_file_location=`curl-config --ca`

sudo bash -c "echo -n | openssl s_client -showcerts -connect ${hostname}:${port} \
 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
 >> ${trust_cert_file_location}"

Resources

  1. https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c

Error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *