SSL certificate rejected trying to access GitHub o

Posted 2019-01-01 04:17

I'm stuck behind a firewall so have to use HTTPS to access my GitHub repository. I'm using cygwin 1.7.7 on Windows XP.

I've tried setting the remote to https://username@github.com/username/ExcelANT.git, but pushing prompts for a password, but doesn't do anything once I've entered it. https://username:<password>github.com/username/ExcelANT.git and cloning the empty repo from scratch but each time it gives me the same error

error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs

Turning on GIT_CURL_VERBOSE=1 gives me

* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs

fatal: HTTP request failed

Is this a problem with my firewall, cygwin or what?

I hadn't set the HTTP proxy in the Git config, however it's an ISA server that needs NTLM authentication, not basic, so unless anyone knows how to force git to use NTLM, I'm scuppered.

28 answers
孤独总比滥情好
Reply 2 · 2019-01-01 05:05

On a Mac OSX 10.5 system, I was able to get this to work with a simple method. First, run the github procedures and the test, which worked ok for me, showing that my certificate was actually ok. https://help.github.com/articles/generating-ssh-keys

ssh -T git@github.com

Then I finally noticed yet another url format for remotes. I tried the others above, and they didn't work. http://git-scm.com/book/ch2-5.html

git@github.com:MyGithubUsername/MyRepoName.git

A simple "git push myRemoteName" worked great!

明月照影归
Reply 3 · 2019-01-01 05:05

If you're on Mac OS X, you can install the ca-cert-bundle via homebrew:

$ brew install curl-ca-bundle
$ git config --system http.sslcainfo /usr/local/share/ca-bundle.crt

The formula installs the cert bundle to your share via:

share.install 'ca-bundle.crt'

The share method is just an alias to /usr/local/share, and the curl-ca-bundle is provided by Mozilla. It's what you see being referenced in a lot of issues. Hope this helps as it's not very straightforward about how to approach this on Mac OS X. brew install curl isn't going to get you much either as it's keg only and will not be linked (running which curl will always output /usr/bin/curl, which is the default that ships with your OS). This post may also be of some value.

You'll of course need to disable SSL before you install homebrew since it's a git repo. Just do what curl says when it errors out during SSL verification and:

$ echo insecure >> ~/.curlrc

Once you get homebrew installed along with the curl-ca-bundle, delete .curlrc and try cloning a repo out on github. Ensure that there are no errors and you'll be good to go.

NOTE: If you do resort to .curlrc, please remove it from your system the moment you're done testing. This file can cause major issues, so use it for temporary purposes and with caution (brew doctor will complain in case you forget to purge it from your system).

NOTE: If you update your version of git, you'll need to rerun this command since your system settings will be wiped out (they're stored relative to the git binary based on version).

So after running:

$ brew update
$ brew upgrade

If you get a new version of git, then just rerun:

$ git config --system http.sslcainfo /usr/local/share/ca-bundle.crt

And you'll be all set.

Lastly if you have a new version of git, running:

$ git config -l --system

should give you an error along the lines of

fatal: unable to read config file '/usr/local/Cellar/git/1.8.2.2/etc/gitconfig'

that's your tip that you need to tell git where the Mozilla ca-bundle is.

UPDATE:

.curlrc may or may not be the remedy to your problem. In any case, just get the Mozilla ca-bundle installed on your machine whether you have to manually download it or not. That's what's important here. Once you get the ca-bundle, you're good to go. Just run the git config command and point git to the ca-bundle.

UPDATE

I recently had to add:

export CURL_CA_BUNDLE=/usr/local/share/ca-bundle.crt

to my .zshenv dot file since I'm using zsh. The git config option worked for most cases, but when hitting github over SSL (rvm get stable for example), I still ran into certificate issues. @Maverick pointed this out in his comment, but just in case someone misses it or assumes they don't necessarily need to export this environment variable in addition to running the git config --system.... command. Thanks and hope this helps.

UPDATE

It looks like the curl-ca-bundle was recently removed from homebrew. There is a recommendation here.

You will want to drop some files into:

$(brew --prefix)/etc/openssl/certs

深知你不懂我心
Reply 4 · 2019-01-01 05:07

The problem is that you do not have any Certification Authority certificates installed on your system. And these certs cannot be installed with cygwin's setup.exe.

Update: Install Net/ca-certificates package in cygwin (thanks dirkjot)

There are two solutions:

  1. Actually install root certificates. Curl guys extracted for you certificates from Mozilla.

    cacert.pem file is what you are looking for. This file contains > 250 CA certs (don't know how to trust this number of ppl). You need to download this file, split it into individual certificates, put them in /usr/ssl/certs (your CApath) and index them.

    Here is how to do it. With cygwin setup.exe install the curl and openssl packages, then execute:

    $ cd /usr/ssl/certs
    $ curl http://curl.haxx.se/ca/cacert.pem |
      awk '{print > "cert" (1+n) ".pem"} /-----END CERTIFICATE-----/ {n++}'
    $ c_rehash
    

    Important: In order to use c_rehash you have to install openssl-perl too.

  2. Ignore SSL certificate verification.

    WARNING: Disabling SSL certificate verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues and your threat model before using this as a solution.

    $ env GIT_SSL_NO_VERIFY=true git clone https://github...
    
唯独是你
Reply 5 · 2019-01-01 05:07

Note that for me to get this working (RVM install on CentOS 5.6), I had to run the following:

export GIT_SSL_NO_VERIFY=true

and after that, the standard install procedure for curling the RVM installer into bash worked a treat :)

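The answers above switch off certificate verification in three places: an `insecure` line in ~/.curlrc, the GIT_SSL_NO_VERIFY variable, and (not shown on this page, but git's equivalent config key) http.sslVerify. The following is an added example, not code from any of the answers, that reports which of these are still in effect once a CA bundle has been installed; the function name audit_tls_bypass and the demo directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report leftover settings that switch off TLS certificate
# verification for curl and git. Prints one line per finding; no output = clean.
audit_tls_bypass() {
    home_dir=${1:-$HOME}

    # curl reads ~/.curlrc on every run; "insecure" (or -k) disables verification.
    if [ -f "$home_dir/.curlrc" ] &&
       grep -Eq '^[[:space:]]*(-k|(--)?insecure)[[:space:]]*$' "$home_dir/.curlrc"; then
        echo "curlrc: $home_dir/.curlrc contains 'insecure'"
    fi

    # git disables verification when GIT_SSL_NO_VERIFY is set to any value.
    if [ -n "${GIT_SSL_NO_VERIFY+set}" ]; then
        echo "env: GIT_SSL_NO_VERIFY is set in this shell"
    fi

    # The same variable persisted in a shell startup file.
    for rc in .profile .bashrc .bash_profile .zshenv .zshrc; do
        if [ -f "$home_dir/$rc" ] &&
           grep -Eq '^[[:space:]]*(export[[:space:]]+)?GIT_SSL_NO_VERIFY=' "$home_dir/$rc"; then
            echo "startup: $home_dir/$rc sets GIT_SSL_NO_VERIFY"
        fi
    done

    # Heuristic text match for http.sslVerify = false in the user's git config.
    if [ -f "$home_dir/.gitconfig" ] &&
       grep -Eiq '^[[:space:]]*sslverify[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' "$home_dir/.gitconfig"; then
        echo "gitconfig: $home_dir/.gitconfig sets sslVerify to false"
    fi
    return 0
}

# Constructed demo: a throwaway home directory holding the leftovers described above.
demo=$(mktemp -d)
echo insecure >> "$demo/.curlrc"
echo 'export GIT_SSL_NO_VERIFY=true' >> "$demo/.bashrc"
audit_tls_bypass "$demo"
rm -rf "$demo"
```

Run it as `audit_tls_bypass "$HOME"` after pointing git at a CA bundle; any line it prints names a setting that still bypasses verification for every later connection.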