Can't access Bitbucket Server with Git - Issuer certificate is invalid

Summary

The following message is displayed when trying to push to a Bitbucket Server repository:

error: Issuer certificate is invalid. while accessing https://<USERNAME>@<BITBUCKET_HOST>:8443/ABC/test.git/info/refs
fatal: HTTP request failed

Environment

  • Bitbucket Server/DC 7+

Diagnosis

You just added a self-signed certificate to Bitbucket Server and now your users are getting errors:

fatal: unable to access 'https://<username>@<bitbucket_server>:<port>/<context>/scm/<project>/<repository>/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Cause

The Bitbucket Server certificate is not trusted by the git client.

Workaround

A very good article on the subject can be found here on Stack Overflow. In summary, when you use a self-signed certificate, Git doesn't trust the certificate that the server sends to it. You can fix this in three ways:

  1. On each client system run: git config --global http.sslVerify false
  2. Install the self-signed server certificate on the git client machine.
  3. Review if antivirus is replacing SSL certs in SSL connections.

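(warning) Be advised that disabling SSL verification globally is a security risk and should be used only temporarily. With verification off, Git accepts any certificate it is presented with, so it cannot tell the real Bitbucket Server from an impostor.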

Solution

To be able to use a self-signed certificate, do the following:

Solution 1

  • Copy the Bitbucket Server instance's certificate.pem file to the git client's host. Instructions for this can be found in the Secure Bitbucket with Tomcat using SSL document.
  • Convert the file into the X.509 format:

    openssl x509 -in certificate.pem -out certificate.crt

  • Now allow Git to use this certificate by setting it in the user's Git configuration file. Give the full path to the file, because Git does not resolve a relative path against the directory the certificate was copied to:

    git config --global http.sslCAInfo <PATH>/certificate.crt

(info) All commands must be executed in the <PATH> where the certificate was copied to.

Solution 2

Use a certificate that is signed by a Certificate Authority. These certificates are automatically trusted.

Note that the complete certificate chain should be included (include any intermediate certs up to the trusted root CA).

If only the end-user certificate is included, Git clients will still not be able to verify the certificate.
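
The chain requirement above can be reproduced offline. This is an added example, not part of the original article: it builds a constructed three-level chain with openssl and verifies the server certificate the way a client that trusts only the root would, first without and then with the intermediate. All names (Demo Root CA, bitbucket.example.test) and files are made up for the demonstration.

```sh
#!/bin/sh
# Constructed demo chain: Demo Root CA -> Demo Intermediate CA -> server cert.
# Every name, key and file is generated here for illustration only.
set -eu

# new_key_and_csr NAME SUBJECT: writes NAME.key and NAME.csr
new_key_and_csr() {
  openssl req -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
}

# build_demo_chain DIR: creates root.crt, int.crt and leaf.crt inside DIR
build_demo_chain() (
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  printf 'subjectAltName=DNS:bitbucket.example.test\n' > leaf.ext
  new_key_and_csr root '/CN=Demo Root CA'
  new_key_and_csr int  '/CN=Demo Intermediate CA'
  new_key_and_csr leaf '/CN=bitbucket.example.test'
  # Self-signed root, then each level signs the one below it.
  openssl x509 -req -in root.csr -signkey root.key -days 2 \
    -extfile ca.ext -out root.crt >/dev/null 2>&1
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 2 -extfile ca.ext -out int.crt >/dev/null 2>&1
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 2 -extfile leaf.ext -out leaf.crt >/dev/null 2>&1
)

# client_verdict DIR MODE: prints "trusted" or "untrusted".
# The client trusts only root.crt. MODE leaf-only models a server that sends
# just its own certificate; full-chain models one that also sends int.crt.
client_verdict() {
  dir=$1 mode=$2
  set -- -CAfile "$dir/root.crt"
  if [ "$mode" = full-chain ]; then set -- "$@" -untrusted "$dir/int.crt"; fi
  if openssl verify "$@" "$dir/leaf.crt" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
build_demo_chain "$workdir"
echo "leaf only:           $(client_verdict "$workdir" leaf-only)"
echo "leaf + intermediate: $(client_verdict "$workdir" full-chain)"
```

To see which certificates a real server sends, run openssl s_client -connect <BITBUCKET_HOST>:8443 -showcerts and check that the intermediates are listed after the server certificate.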

Solution 3

Antivirus software installed on the client machine can also cause this issue. For example, Symantec Endpoint Protection has a feature that replaces all SSL certificates in a connection, which leads to the SSL connection not being trusted. In scenarios like this one, this feature must be disabled. You may need to reach out to your IT department for assistance.

Last modified on Mar 27, 2023
