git SourceTree 和 Stash:无法获得本地颁发者证书
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24871897/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SourceTree and Stash: Unable to get local issuer certificate
提问by squid808
We have Atlassian Stash installed on a Windows 2008R2 server, and for the most part everything is working nicely. We have an SSL certificate issued by our local on-premise CA and a DNS entry set up so we can go to https://stash/and it works quite nicely, except in Firefox where it throws a warning (related?).
我们在 Windows 2008R2 服务器上安装了 Atlassian Stash,在大多数情况下,一切运行良好。我们有一个由本地本地 CA 颁发的 SSL 证书,并设置了一个 DNS 条目,因此我们可以访问https://stash/它并且它运行得非常好,除了在 Firefox 中它会抛出警告(相关?)。
When using Atlassian's Sourcetree we can navigate and choose a repository, but when we try to clone it we get the following error:
使用 Atlassian 的 Sourcetree 时,我们可以导航并选择一个存储库,但是当我们尝试克隆它时,我们会收到以下错误:
fatal: unable to access
https://user@url/scm/etc/etc.git: SSL certificate problem: unable to get local issuer certificate
致命:无法访问
https://user@url/scm/etc/etc.git:SSL 证书问题:无法获得本地颁发者证书
I get the same error if I try if from the git bash as well. Based on this error, I've tried following the instructionson adding the SSL certificate to the Git as also found on their website, including what is in the comments, to no avail. I have exported the cert through Firefox and through the MMC certificate snap-in, gotten the same results and put it in its own file, combined with the curl file, and no matter what keep getting this error. I have yet to try getting it to work with SSH keys yet since I was hoping to make this easier for my team.
如果我也从 git bash 尝试 if ,我也会得到同样的错误。基于此错误,我尝试按照在其网站上也可以找到的将 SSL 证书添加到 Git的说明进行操作,包括评论中的内容,但无济于事。我已经通过 Firefox 和 MMC 证书管理单元导出了证书,得到了相同的结果并将其放入自己的文件中,与 curl 文件结合使用,无论如何都会出现此错误。我还没有尝试让它与 SSH 密钥一起工作,因为我希望让我的团队更容易。
I also tried using ssh myserverand accepting the connection, and I entered my password and restarted; still the same error.
我也尝试使用ssh myserver并接受连接,然后输入密码并重新启动;还是同样的错误。
I do not want to simply ignore certificate validationeither, since that seems a bit pointless, then.
我也不想简单地忽略证书验证,因为这似乎有点毫无意义。
How can I get this working with our CA-issued cert?
我怎样才能使用我们的 CA 颁发的证书来使用它?
采纳答案by squid808
After working with a peer who had been out until today, the revelation is that I had been using ONLY the certificate for the server itself. My [faulty] understanding of all the articles was that, similar to handling self-signed certs, you just tell Git to trust this cert. This is not the case for us.
在与一位直到今天一直外出的同行合作后,发现我一直只使用服务器本身的证书。我对所有文章的 [错误] 理解是,类似于处理自签名证书,您只需告诉 Git 信任此证书。对我们来说,情况并非如此。
Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust. I swear I tried that early last week when this all first started, but to my shame I must not have.
相反,我应该导出并告诉 Git 信任的是来自我们域的根 CA 证书。我发誓我上周早些时候在这一切刚开始的时候就尝试过,但令我遗憾的是我一定没有。
Let this be a warning for anyone else who find themselves in my position!
让这成为对任何发现自己处于我位置的人的警告!
回答by Bohemian
I just disabled SSL certificate checks (which is fine for internal repos):
我刚刚禁用了 SSL 证书检查(这对内部存储库很好):
Tools > Options > Git > Disable SSL certificate validation (ticked)
回答by Liu Jisper
You'll need to use the full chain certificate for your service which means not only your certificate but the intermidate and root ca in the cert file
您需要为您的服务使用完整的链证书,这不仅意味着您的证书,还意味着证书文件中的中间证书和根证书
