Platform Notice: Cloud, Server, and Data Center - This article applies equally to all platforms.
Support for Server* products will end after February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
The following is seen on the command line when pushing or pulling:
SSL Certificate problem: unable to get local issuer
Cause
There are two potential causes that have been identified for this issue.
A Self-signed certificate cannot be verified.
Default GIT crypto backend (Windows clients)
Resolution
Resolution #1 - Self Signed certificate
Workaround
Tell git to not perform the validation of the certificate using the global option:
git config --global http.sslVerify false
Please be advised disabling SSL verification globallymight be considered a security riskand should be implemented only temporarily
Please notice that we refer to the Certificate Authority in this article by the acronym CA.
There are several ways this issue has been resolved previously. Below we suggest possible solutions that should be run on the client side:
Ensure the root cert is added to git.exe's certificate store. The location of this file will depend on how/where GIT was installed. For instance,the trusted certificate store directory for Git Bash isC:\Program Files\Git\mingw64\ssl\certs. This is also discussed on this Microsoft blog.
Tell Git where to find the CA bundle, either by running:
Ensure that the Java KeyStore has the entire certificate chain (Intermediate CA and Root CA)
View the Certificate Chain Details inside the KeyStore using a tool like the KeyStore Explorerto check
Resolution #2 -Default GIT crypto backend
When using Windows, the problem resides that git by default uses the "Linux" crypto backend, so the GIT operation may not complete occasionally. Starting with Git for Windows 2.14, you can configure Git to use SChannel, the built-in Windows networking layer as the crypto backend. To do that, just run the following command in the GIT client:
git config --global http.sslbackend schannel
This means that it will use the Windows certificate storage mechanism and youdon'tneed to explicitly configure the curl CA storage (http.sslCAInfo) mechanism.
Description
The following is seen on the command line when pushing or pulling: SSL Certificate problem: unable to get local issuer. This error occurs when a self-signed certificate cannot be verified.
I am an expert in the field of version control systems and software development, particularly well-versed in the intricacies of Git and its various configurations. My depth of knowledge stems from hands-on experience and a comprehensive understanding of the underlying technologies. I've successfully navigated and resolved a multitude of Git-related issues, including SSL certificate problems and their resolutions.
In the context of the provided article about SSL certificate problems in Git, I'll break down the key concepts and solutions:
SSL Certificate Problem: Unable to Get Local Issuer:
Cause: The issue arises when pushing or pulling, indicating a problem with SSL certificate verification.
Resolution #1 - Self-Signed Certificate:
Workaround: Disable SSL verification globally using git config --global http.sslVerify false. Note: This should be considered a temporary solution due to security risks.
Client-Side Resolution: Various solutions for the client side include adding the root cert to Git's certificate store, specifying the CA bundle path, or reinstalling Git. Ensure the complete certificate chain is present in the CA bundle file.
Resolution #2 - Default Git Crypto Backend:
Issue: Default Git crypto backend on Windows may lead to occasional incomplete operations.
Solution: Starting with Git for Windows 2.14, configure Git to use SChannel as the crypto backend with git config --global http.sslbackend schannel. This utilizes the Windows certificate storage mechanism.
Platform Notice: Cloud, Server, and Data Center:
The article applies to all platforms (Cloud, Server, and Data Center).
Support for Server products is set to end after February 15th, 2024. Users of Server products are advised to review migration options.
Atlassian Server End of Support Announcement:
Users running Atlassian Server products are directed to visit the Atlassian Server end of support announcement to explore migration options.
Bitbucket:
The SSL certificate problem can occur in the context of Bitbucket Server.
Server-side resolution involves ensuring the Java KeyStore has the complete certificate chain when SSL-terminating connectors are used.
Default Git Crypto Backend on Windows:
On Windows, Git may default to the "Linux" crypto backend, causing occasional issues.
Starting with Git for Windows 2.14, SChannel can be configured as the crypto backend to address problems with Git operations.
Understanding and implementing these resolutions will contribute to a smoother Git experience, particularly when dealing with SSL certificate verification issues on various platforms.
The unable to get local issuer certificate error is caused by the misconfiguration of the SSL certificate on your local machine. When pushing, pulling, or cloning, Git cannot verify your SSL certification, which leads to the error.
You can't modify certificate contents, because they are digitally signed by an issuer. By changing any bit in the certificate you will make it totally invalid. Instead, you have to generate new certificate signing request and provide correct names there.
If your website is still using a self-signed certificate, you will need to replace it with a valid certificate issued by a trusted CA. Purchase and install a signed certificate matched to your domain to resolve the trust issue.
If you received a 503 error message, you must ensure that your origin server's SSL certificates meet certain criteria. The most common reason observed for the 503 error is due to an issue with a certificate in the SSL certificate chain.
What Causes an SSL Certificate_Verify_Failed Error? SSL certificate_verify_failed errors typically occur as a result of outdated Python default certificates or invalid root certificates. If you're a website owner and you're receiving this error, it could be because you're not using a valid SSL certificate.
What's causing the “Server SSL certificate verification failed” error? Whether this is with WordPress repos or any other code on SVN, this indicates an issue with the SSL certificate. What's important here is that last part: “issue is not trusted”. The certificate couldn't be confirmed so you should tread with caution.
Unable to get issuer certificate: The issuer certificate of the client certificate couldn't be found. This normally means the trusted client CA certificate chain is not complete on the Application Gateway.
If you're on Windows simply right-click into the properties of the launcher. Then add --ignore-certificate-errors in the target field. Then restart Chrome.
Hobby: Flower arranging, Yo-yoing, Tai chi, Rowing, Macrame, Urban exploration, Knife making
Introduction: My name is Madonna Wisozk, I am a attractive, healthy, thoughtful, faithful, open, vivacious, zany person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
Please be advised disabling SSL verification globallymight be considered a security riskand should be implemented only temporarily