I needed two things:

1. go to cygwin setup and include the package 'ca-certificates' (it is under Net) (as indicated elsewhere).

2. Tell git where to find the installed certificates:

   GIT_SSL_CAINFO=/usr/ssl/certs/ca-bundle.crt GIT_CURL_VERBOSE=1 git ...

   (Verbose option is not needed)

   Or storing the option permanently:

   git config --global http.sslCAinfo /usr/ssl/certs/ca-bundle.crt

   git ...

I had the same issue. Certificate import or command to unset ssl verification didn't work. It turn out to be expired password for network proxy. There was entry of proxy config. in the .gitconfig file present in my windows user profile. I just removed the whole entry and it started working again.

I've been having this same problem for Solaris Express 11. It took me a while but I managed to find where the certificates needed to be placed. According to /etc/openssl/openssl.cnf, the path for certificates is /etc/openssl/certs. I placed the certificates generated using the above advice from Alexey.

You can verify that things are working using openssl on the commandline:

openssl s_client -connect github.com:443

Have you checked your time?

I absolutely refused to make my git operations insecure and after trying everything people mentioned here, it struck me that one possible cause why certificates fail to pass verification is that the dates are wrong (either the certificate expiry date, or the local clock).

You can check this easily by typing date in a terminal. In my case (a new raspberry Pi), the local clock was set to 1970, so a simple ntpdate -u 0.ubuntu.pool.ntp.org fixed everything. For a rPi, I would also recommend that you put the following script in a daily cron job (say /etc/cron.daily/ntpdate):

#!/bin/sh
/usr/sbin/ntpdate -u 0.ubuntu.pool.ntp.org 1> /dev/null 2>&1

Improve RouMao's solution by temporarily disabling GIT/curl ssl verification in Windows cmd:

set GIT_SSL_NO_VERIFY=true
git config --global http.proxy http://<your-proxy>:443

The good thing about this solution is that it only takes effect in the current cmd window.

If all you want to do is just to use the Cygwin git client with github.com, there is a much simpler way without having to go through the hassle of downloading, extracting, converting, splitting cert files. Proceed as follows (I'm assuming Windows XP with Cygwin and Firefox)

1. In Firefox, go to the github page (any)
2. click on the github icon on the address bar to display the certificate
3. Click through "more information" -> "display certificate" --> "details" and select each node in the hierarchy beginning with the uppermost one; for each of them click on "Export" and select the PEM format:
   • GTECyberTrustGlobalRoot.pem
   • DigiCertHighAssuranceEVRootCA.pem
   • DigiCertHighAssuranceEVCA-1.pem
   • github.com.pem
4. Save the above files somewhere in your local drive, change the extension to .pem and move them to /usr/ssl/certs in your Cygwin installation (Windows: c:\cygwin\ssl\certs )
5. (optional) Run c_reshash from the bash.

That's it.

Of course this only installs one cert hierarchy, the one you need for github. You can of course use this method with any other site without the need to install 200 certs of sites you don't (necessarily) trust.