Can't access Stash with Git - Issuer certificate is invalid
症状
The following message is displayed when trying to push to a Stash repository:
error: Issuer certificate is invalid. while accessing https://<USERNAME>@<STASH_HOST>:8443/ABC/test.git/info/refs
fatal: HTTP request failed
You just added a self signed certificate to Stash and now your users are getting errors:
fatal: unable to access 'https://<username>@<stash_server>:<port>/<context>/scm/<project>/<repository>/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none原因
The Stash certificate is not trusted by the git client.
回避策
A very good article on the subject can be found here on Stack Overflow. In summary when you use a self signed certificate Git doesn't trust the certificate that is being sent to it. You can fix this in two ways:
- On each client system run:
git config --global http.sslVerify false - The safer solution is to install the self signed server certificate on the git client machine.
I would suggest reviewing all of the answers and comments on that post as there are many competing opinions on the subject.
ソリューション
To be able to use a self-signed certificate do the following:
ソリューション 1
- Copy the Stash server's
certificate.pemfile to the git client's host. - Convert the file into the
X.509format.
openssl x509 -in certificate.pem -out certificate.crt
- Now allow git to use this certificate by changing the user's git configuration file:
git config http.sslcainfo certificate.crt
All commands must be executed in the <PATH> where the certificate was copied to.
ソリューション 2
Use a certificate that is signed by a Certificate Authority. These certificates are automatically trusted.