当前位置:theitroad>Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = 无法获得本地颁发者证书

Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = 无法获得本地颁发者证书

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/47656326/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-09 05:12:35  来源:igfitidea点击:

Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate

gittfsvisual-studio-2017ssl-certificate

提问by DioBrando

I'm new to interact with Git and I'm trying to combine it with TFS infrastructure, but experiencing SSL authentication problems. No Github, no VSTS. TFS is on-premises, therefore local installation.

我是与 Git 交互的新手,我正在尝试将它与 TFS 基础设施结合起来,但遇到了 SSL 身份验证问题。没有 Github,没有 VSTS。TFS 是本地的,因此是本地安装。

Server part:

服务器部分:

I've installed TFS 2018 on Windows Server 2016 and create a corporate self signed certificate and bind the TFS web service (IIS manager) on that certificate.

我已经在 Windows Server 2016 上安装了 TFS 2018 并创建了一个企业自签名证书并在该证书上绑定了 TFS Web 服务(IIS 管理器)。

TFS is configured to run only through HTTPS. HTTP is redirected to HTTPS. I've setup a new Project with Git as versioning system.

TFS 配置为仅通过 HTTPS 运行。HTTP 被重定向到 HTTPS。我已经使用 Git 作为版本控制系统设置了一个新项目。

Client part:

客户端部分:

I have two kind of Windows clients. Windows 7 SP1 and 10 Anniversary Update, both of them with Visual Studio 2017 Enterprise.

我有两种 Windows 客户端。Windows 7 SP1 和 10 周年更新,它们都带有 Visual Studio 2017 Enterprise。

I installed the certificate (as Trusted Root Certification Authorities) and connecting through browser I have no whatsoever to see the project informations. No browser raise any kind of alerts regarding authenticity of certicate. Then, I installed Git-2.15.1.2-64-bit.exe, using Windows Secure Channel Library.

我安装了证书(作为受信任的根证书颁发机构)并通过浏览器连接我看不到任何项目信息。没有浏览器会发出有关证书真实性的任何类型的警报。然后,我使用 Windows 安全通道库安装了 Git-2.15.1.2-64-bit.exe。

I followed this guideto configure Git clients, because I was getting title fatal error. So basically I extracted content of self-signed and appended to ca-bundle.crt file. All of them:

我按照本指南配置 Git 客户端,因为我遇到了标题致命错误。所以基本上我提取了自签名的内容并附加到 ca-bundle.crt 文件中。他们都:

  • C:/Program Files/Git/mingw64/ssl/certs/
  • C:\users\myname (created as a global one just like guide says)
  • C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\ssl\certs (this is created by Visual Studio 2017 installation)
  • C:/程序文件/Git/mingw64/ssl/certs/
  • C:\users\myname(就像指南说的那样创建为全局一个)
  • C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\ssl\certs(这是由 Visual Studio 2017 安装创建的)

When I use through Powershell "git config --list --show-origin" command, I see listed: file:"C:\Program Files\Git\mingw64/etc/gifconfig" http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt file:"C:/users/myname/.gifconfig" http.sslcainfo=C:/users/myname/ca-bundle.crt

当我通过 Powershell "git config --list --show-origin" 命令使用时,我看到列出: file:"C:\Program Files\Git\mingw64/etc/gifconfig" http.sslcainfo=C:/Program Files/ Git/mingw64/ssl/certs/ca-bundle.crt 文件:"C:/users/myname/.gifconfig" http.sslcainfo=C:/users/myname/ca-bundle.crt

If I try to clone repository from VS2017 Team Explorer panel it keeps saying: "Git failed with a fatal error. fatal: unable to access 'https://tfs.blahblah/': SSL certificate problem: unable to get local issuer certificate"

如果我尝试从 VS2017 团队资源管理器面板克隆存储库,它会一直说:“ Git 因致命错误而失败。致命:无法访问‘ https://tfs.blahblah/’:SSL 证书问题:无法获得本地颁发者证书

But when I use Git GUI it answers with a different error: fatal: Couldn't find remote ref HEADAs far as I know it looks reasonable because there is no commit attached.

但是当我使用 Git GUI 时,它会回答一个不同的错误: 致命:找不到远程引用 HEAD据我所知,它看起来很合理,因为没有附加提交。

But I can't commit anything if I can't "pair" with Visual Studio 2017.

但是如果我不能与 Visual Studio 2017“配对”,我就不能提交任何东西。

I read through several links, but I couldn't get it through. So before mark it as duplicated, I ask you to PLEASE pay attention to my specific system/environment requirements.

我通读了几个链接,但我无法通过。因此,在将其标记为重复之前,我请您注意我的特定系统/环境要求。

Note: and please don't suggest me to switch off SSLbecause as already talked it is NOT a solution in corporate/enterprise environments

注意:请不要建议我关闭 SSL,因为正如已经讨论过的,它不是公司/企业环境中的解决方案

回答by Anoj

In Git Settings, Global Settings in Team Explorer, there is an option to choose between OpenSSL and Secure Channel.

在团队资源管理器的 Git 设置、全局设置中,有一个选项可以在 OpenSSL 和安全通道之间进行选择。

Starting with Visual Studio 2017 (version 15.7 preview 3) use of SChannel in Git Global settings fixed my issue.

从 Visual Studio 2017(版本 15.7 预览版 3)开始,在 Git 全局设置中使用 SChannel 修复了我的问题。

回答by DioBrando

After two day with system admin support, I got the solution. I post it here in case it may help somebody else. Visual Studio 2017 looks not accepting a self signed certificate, as error states ("local issuer blah blah"). It has to be a local CA to approve it. Steps were:

在系统管理员支持两天后,我得到了解决方案。我把它贴在这里以防它可以帮助别人。Visual Studio 2017 看起来不接受自签名证书,因为错误状态(“本地发行者等等”)。它必须是本地 CA 才能批准它。步骤是:

Server:

服务器:

  1. Install Company/Trusted CA on TFS machine as Trusted Authority root
  2. Preparing certificate for TFS and make it derive from company/trusted CA.
  3. Install it as Trusted Authority root in TFS machine
  4. Configure TFS-IIS binding in order to make TFS certificate to be compulsory for HTTPS connections
  1. 在 TFS 机器上安装 Company/Trusted CA 作为 Trusted Authority root
  2. 为 TFS 准备证书并使其源自公司/受信任的 CA。
  3. 在 TFS 机器中将其安装为 Trusted Authority root
  4. 配置 TFS-IIS 绑定以使 TFS 证书成为 HTTPS 连接的强制性证书

Client:

客户:

  1. Install CA certificate as Trusted Authority root on client machine (tried with Windows 7 and 10)
  2. Install TFS certificate as Trusted Authority root on client machine (you should see the lock in browser and connecting through it has to be recognized as secure)
  3. Install Git client (I have Git-2.15.1.2-64-bit).
  4. Run a shell (cmd, Powershell, Git-bash as you prefer) and digit this command: git config --global http.sslCAInfo C:/Users//ca-bundle.crt (because Git and Visual Studio have multiple folders where they store certificates, you are basically creating a global path for both of them)
  5. Now you should be able to see a new .gitconfig file with this content: [http] sslCAInfo = C:/Users//ca-bundle.crt
  6. if you digit command "git config --list --show-origin" you should see the new path/config added
  7. Copy ca-bundle.crt from C:\Program Files\Git\mingw64\ssl\certs path to C:/Users// path
  8. Export CA certificate as Base 64 X.509 (.CER) to up to you path (you can view certificates from IE Internet Options/Content/Certificates).
  9. Open it with editor like Notepad++ or whatever the CA certificate that you just exported. Content should be: -----BEGIN CERTIFICATE-----publickey-----END CERTIFICATE-----
  10. Copy this content
  11. Open the C:/Users//ca-bundle.crt and paste appending that content
  12. Export TFS certificate as Base 64 X.509 (.CER) to up to you path.
  13. Open it with the editor you prefer and copy the content
  14. Open the C:/Users//ca-bundle.crt and paste appending that content
  15. Save the file
  1. 在客户端计算机上将 CA 证书安装为 Trusted Authority root(在 Windows 7 和 10 中尝试)
  2. 在客户端机器上安装 TFS 证书作为 Trusted Authority 根(您应该在浏览器中看到锁定并通过它连接必须被识别为安全)
  3. 安装 Git 客户端(我有 Git-2.15.1.2-64 位)。
  4. 运行一个 shell(你喜欢的 cmd、Powershell、Git-bash)并将这个命令数字化: git config --global http.sslCAInfo C:/Users//ca-bundle.crt(因为 Git 和 Visual Studio 有多个文件夹存储证书,您基本上是为它们创建一个全局路径)
  5. 现在您应该能够看到一个包含以下内容的新 .g​​itconfig 文件: [http] sslCAInfo = C:/Users//ca-bundle.crt
  6. 如果您使用数字命令“git config --list --show-origin”,您应该会看到添加的新路径/配置
  7. 将 ca-bundle.crt 从 C:\Program Files\Git\mingw64\ssl\certs 路径复制到 C:/Users// 路径
  8. 将 CA 证书导出为 Base 64 X.509 (.CER) 到您指定的路径(您可以从 IE Internet Options/Content/Certificates 查看证书)。
  9. 使用 Notepad++ 等编辑器或您刚刚导出的任何 CA 证书打开它。内容应该是:-----BEGIN CERTIFICATE-----publickey-----END CERTIFICATE-----
  10. 复制此内容
  11. 打开 C:/Users//ca-bundle.crt 并粘贴附加该内容
  12. 将 TFS 证书导出为 Base 64 X.509 (.CER) 到您的路径。
  13. 用你喜欢的编辑器打开它并复制内容
  14. 打开 C:/Users//ca-bundle.crt 并粘贴附加该内容
  15. 保存文件

Now you should be able to clone repository.

现在您应该能够克隆存储库。

So basically the point is that certificate has to have the all chain authority in it and there has to be one.

所以基本上关键是证书必须具有所有链授权,并且必须有一个

相关推荐

git 如何使用 vs 代码将新的初始项目推送到 github

git 如何使用 vs 代码将新的初始项目推送到 github

更好的 Windows 命令行 shell

更好的 Windows 命令行 shell

git 有没有办法在 VS 代码中恢复到以前的提交?

git 有没有办法在 VS 代码中恢复到以前的提交?

windows 用于存储用户可配置应用程序设置的注册表与 INI 文件

windows 用于存储用户可配置应用程序设置的注册表与 INI 文件

相关推荐
最近更新
标签