{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 裙下三千臣 的问题《SSL certificate rejected trying to access GitHub o》','https://www.manongdao.com/q-11028.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm stuck behind a firewall so have to use HTTPS to access my GitHub repository. I'm using cygwin 1.7.7 on Windows XP.
I've tried setting the remote to https://username@github.com/username/ExcelANT.git, but pushing prompts for a password, but doesn't do anything once I've entered it.
https://username:<password>github.com/username/ExcelANT.git and cloning the empty repo from scratch but each time it gives me the same error
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
Turning on GIT_CURL_VERBOSE=1 gives me
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
fatal: HTTP request failed
Is this a problem with my firewall, cygwin or what?
I hadn't set the HTTP proxy in the Git config, however it's an ISA server that needs NTLM authentication, not basic, so unless anyone knows how to force git to use NTLM, I'm scuppered.
I encountered the same problem to configure Git on a collaborative development platform that I have to manage.
To solve it :
I've Updated the release of Curl installed on the server. Download the last version on the website Download page of curland follow the installation proceedings Installation proceedings of curl
Get back the certificate of the authority which delivers the certificate for the server.
Add this certificate to the CAcert file used by curl. On my server it is located in
/etc/pki/tls/certs/ca-bundle.crt.Configure git to use this certificate file by editing the .gitconfig file and set the sslcainfo path.
sslcainfo= /etc/pki/tls/certs/ca-bundle.crtOn the client machine you must get the certificate and configure the .gitconfig file too.
I hope this will help some of you.
A very simple solution: replace https:// with git://
Use git://the.repository instead of https://the.repository and will work.
I've had this problem on Windows with TortoiseGit and this solved it.
I wanted Git to use the updated certificate bundle without replacing the one my entire system uses. Here's how to have Git use a specific file in my home directory:
Now update
.gitconfigto use this for peer verification:Note I'm using an absolute path. Git does no path expansion here, so you can't use
~without an ugly kludge. Alternatively, you can skip the config file and set the path via the environment variableGIT_SSL_CAINFOinstead.To troubleshoot this, set
GIT_CURL_VERBOSE=1. The path of the CA file Git is using will be shown on lines starting with "CAfile:" in the output.I simply disabled the SSL certificate authentication and used the simple user name password login as shown below
Feel free to skip past this answer if you want to fix the certificates issue. This answer deals with tunneling ssh through the firewall which is IMHO a better solution to dealing with firewall/proxy thingies.
There is a better way than using http access and that is to use the ssh service offered by github on port 443 of the ssh.github.com server.
We use a tool called corkscrew. This is available for both CygWin (through setup from the cygwin homepage) and Linux using your favorite packaging tool. For MacOSX it is available from macports and brew at least.
The commandline is as follows :
The proxyhost and proxyport are the coordinates of the https proxy. The targethost and targetport is the location of the host to tunnel to. The authfile is a textfile with 1 line containing your proxy server username/password separated by a colon
e.g:
Installation for using "normal" ssh protocol for git communication
By adding this to the
~/.ssh/configthis trick can be used for normal ssh connections.now you can test it works by ssh-ing to gitproxy
(Note: if you never logged in to github before, ssh will be asking to add the server key to the known hosts file. If you are paranoid, it is recommended to verify the RSA fingerprint to the one shown on the github site where you uploaded your key).
A slight variant on this method is the case when you need to access a repository with another key, e.g. to separate your private account from your professional account.
enjoy!
We've been using this for years now on both Linux, Macs and Windows.
If you want you can read more about it in this blog post
To clone on windows while setting SSL verify to false:
If you want to clone without borfing your global settings.