git gitlab Peer 证书无法使用已知 CA 证书进行身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20781292/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
gitlab Peer certificate cannot be authenticated with known CA certificates
提问by Leon
When I setting up gitlab on centos 6 under the real ip, I meet this error finnally.
当我在真实ip下在centos 6上设置gitlab时,我最终遇到了这个错误。
[qzi@host test]$ git push -u origin master
fatal: unable to access 'http://10.41.37.180/git/test.git/': Peer certificate cannot be authenticated with known CA certificates
How can I solve this?
我该如何解决这个问题?
回答by ArtemB
You have number of options:
您有多种选择:
On an off chance that SSL verification fails due to out-of-date or absent CA certificates.
sudo yum reinstall ca-certificatesmight help. Make sure you have them and, possibly, point git to the right path withgit config http.sslCAInfoorhttp.sslCAPath.Install properly signed ceritificate on gitlab site, so your git-over-HTTPS does not complain when it sees self-signed certificate which would be fairly typical in simple setups.
Disable SSL certificate verification with
git config http.sslVerify falseor setGIT_SSL_NO_VERIFYin the environment.use
git clone git://...to clone your repo.
由于 CA 证书过期或缺失,SSL 验证失败的可能性很小。
sudo yum reinstall ca-certificates可能有帮助。确保您拥有它们,并可能使用git config http.sslCAInfo或 将git 指向正确的路径http.sslCAPath。在 gitlab 站点上安装正确签名的证书,因此您的 git-over-HTTPS 在看到自签名证书时不会抱怨,这在简单设置中是相当典型的。
禁用 SSL 证书验证
git config http.sslVerify false或GIT_SSL_NO_VERIFY在环境中设置。用于
git clone git://...克隆您的回购。
回答by chorn
I use a selfsigned cert for offering git via https.
我使用自签名证书通过 https 提供 git。
On Fedora clients the following can be used so the client trusts the https certificate. "fluxcoil.net_201404.cert" is the PEM file containing the https certtificate, or an own CA which has signed the https cert:
在 Fedora 客户端上,可以使用以下内容,以便客户端信任 https 证书。“fluxcoil.net_201404.cert”是包含 https 证书的 PEM 文件,或已签署 https 证书的自己的 CA:
certutil -d sql:/home/chris/.pki/nssdb -A -t "P,," \
-n "fluxcoil.net" -i /home/chris/fluxcoil.net_201404.cert
回答by Erwan Legrand
Set the http."https://10.41.37.180/".sslCAInfogit config property:
设置http."https://10.41.37.180/".sslCAInfogit 配置属性:
$ git config http."https://10.41.37.180/".sslCAInfo /path/to/certificate.pem
$ git config http."https://10.41.37.180/".sslCAInfo /path/to/certificate.pem
回答by caot
It worked with export GIT_SSL_NO_VERIFY=trueas the following:
它的工作方式export GIT_SSL_NO_VERIFY=true如下:
$ git pull
fatal: unable to access 'https://gitlab.DOMAIN-NAME/TEST_REPO.git/': Peer certificate cannot be authenticated with known CA certificates
$ export GIT_SSL_NO_VERIFY=true
$ git pull
Username for 'https://gitlab.DOMAIN-NAME':
Password for 'https://gitlab.DOMAIN-NAME':
