Resolving SSL Self-Signed Certificate Errors

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

If you're using a self-signed certificate on your Bitbucket server, you may receive SSL certificate errors when you try to perform certain actions. This page will help you resolve this errors.

問題

When trying to perform a clone using instruction stated in Debug logging for Git operations on the client the following error is reported:

$ export GIT_CURL_VERBOSE=1

$ git clone https://username@git.example.com/scm/repository.git
Cloning into 'repository'...
* Couldn't find host git.example.com in the _netrc file; using defaults

* Adding handle: conn: 0x22a7568
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x22a7568) send_pipe: 1, recv_pipe: 0
* About to connect() to git.example.com port 443 (#0)
*   Trying 10.253.136.142...
* Connected to git.example.com (10.253.136.142) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: C:\Program Files (x86)\Git/bin/curl-ca-bundle.crt
  CApath: c:/Users/username/Downloads
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
fatal: unable to access 'https://username@git.example.com/scm/repository.git': SSL certificate problem: self signed certificate in certificate chain

原因

This is caused by git not trusting the certificate provided by your server.

回避策

One possible workaround is to temporary disable SSL check for your git command in case you only need to perform a one time clone:

GIT_SSL_NO_VERIFY=true git clone https://username@git.example.com/scm/repository.git

The workaround is intended to be used for one time only operations and not to be used frequently. Removing the SSL verification disproves the whole concept of having SSL implemented.

ソリューション

Trust Certificate in your browser

To trust a self-signed certificate, you need to add it to your Keychain.

The easiest way to do that is to open the site in question in Safari, upon which you should get this dialog box:

Click 'Show Certificate' to reveal the full details:

Export Certificate in .pem format

Git doesn't use the Mac OS X keychain to resolve this, so you need to trust the certificate explicitly. 

  1. If you haven't done so already, follow the steps in 'Trust certificate in your browser', above
  2. Open Applications > Keychain Access and select 'Certificates' in the lower-left pane
  3. Type the website into the Search field in the top-right
  4. Select the certificate entry for the website, then in the menu click File > Export Items
  5. In the Save dialog, change 'File Format' to 'Privacy Enhanced Mail (.pem)' and save the file somewhere on your drive

Use exported certificate in git commands

Once the certificate is saved on the client you can instruct your git client to use it to trust the remote repository:

# Initial clone
GIT_SSL_CAINFO=/path/to/certificate.pem
git clone https://username@git.example.com/scm/repository.git

# Ensure all future interactions with origin remote also work
cd repository
git config http.sslCAInfo /path/to/certificate.pem

説明If you're using a self-signed certificate on your Bitbucket server, you may receive SSL certificate errors when you try to perform certain actions. This page will help you resolve this errors.
製品Bitbucket
プラットフォームサーバー
最終更新日: 2018 年 9 月 11 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.