
Https certificate errors for GitHub using git on Windows 7


Currently, I get this error:

    $ git clone https://github.com/square/haha.git
    Cloning into 'haha'...
    fatal: unable to access 'https://github.com/square/haha.git/': SSL certificate problem: self signed certificate in certificate chain

I am on a Windows 7 machine. I've learned that GitHub's certificate is signed by DigiCert. If I look in Trusted Root Certification Authorities > Certificates, I see certificates Issued To DigiCert:

DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4

Is the GitHub certificate contained within one of these? If so, how do I use it? If not, how do I get it?

Edit - more info:
I can set sslVerify to false and it works, but this is not secure of course.
I can use git:// instead of https://. This also works, but is not https.

I CANNOT USE SSH as this environment does not have proxies set up. Using ssh:

    $ git clone ssh://github.com/square/haha.git
    Cloning into 'haha'...
    D:/Program Files/Git/usr/bin/bash: -c: line 0: syntax error near unexpected token `<'
    D:/Program Files/Git/usr/bin/bash: -c: line 0: `exec corkscrew <proxyhost> <proxyport> ssh.github.com 443 ~/.ssh/proxy_auth'
    write: Broken pipe
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.

Solution

  • The idea is to download the self-signed certificate, and reference it during the clone:

    git -c http.sslCAInfo=/path/to/self/signed/cert clone https://github.com/square/haha.git
    

    For instance, you can use iwonbigbro/tools/bin/git-remote-install-cert.sh to:

    • download said certificates (including the self-signed one)

      openssl s_client -connect
      
    • register that certificate:

      git config --global http.sslCAPath "$HOME/.gitcerts"
      

    (here $HOME/.gitcerts is a directory in which all certificates can be found by git)

    That tool, since it is called git-remote-install-cert.sh, is executed by a git remote-install-cert (even on Windows).

    I would recommend though to use the latest PortableGit-2.5.1-64-bit.7z.exe, uncompressed anywhere (like in C:\prgs\PortableGit-2.5.1-64-bit).
    Then call C:\prgs\PortableGit-2.5.1-64-bit\git-bash.exe, check $PATH and try git remote-install-cert.


    Example, in a simple DOS session, with a PATH including C:\prgs\bin:
    (it also includes C:\prgs\PortableGit-2.5.1-64-bit\bin, which means I am using git 2.5.0 here)

    • create a file C:\prgs\bin\git-remote-install-cert in which you copy iwonbigbro/tools/bin/git-remote-install-cert.sh (so no trailing .sh in the final local script file name)
    • Change the line 111 from mkdir -m 0700 -p ${cert%/*} to mkdir -p ${cert%/*} (no need to change the line 37 though)
    • Go into an existing repo.
      Or create one, and add the remote origin url:
      (Of course, adapt the path to your environment)

      cd C:\Users\vonc\prog
      git init b2d
      cd b2d
      git remote add origin https://github.com/VonC/b2d
      
    • Finally, call the script from that repo

      C:\Users\vonc\prog\b2d>git remote-install-cert
        Requesting certificate from the server...
        Certificate installed to: /c/Users/vonc/.gitcerts/github.com.crt
      

    That will give you the certificates:

    C:\Users\vonc\prog\b2d>type C:\Users\vonc\.gitcerts\github.com.crt
    -----BEGIN CERTIFICATE-----
    ....
    

    From there, you can, still in that repo, fetch using that certificate:

    cd C:\Users\vonc\prog\b2d
    git config http.sslcapath C:\Users\vonc\.gitcerts
    git fetch
    git checkout master
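
An added example, not part of the original answer or of git-remote-install-cert.sh: a shell function that reads saved `openssl s_client -showcerts` output, finds the chain entry whose subject equals its issuer (the self-signed certificate the error message refers to), and writes only that PEM block to a file for `http.sslCAInfo`. The function names, file names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data are constructed, not from the page.

# Read a saved `openssl s_client -showcerts` transcript ($1), find the first
# chain entry whose subject equals its issuer (self-signed), write its PEM
# to $2 and print its subject. Returns non-zero if none is present.
extract_self_signed() {
    awk -v out="$2" '
        # Entries look like " 0 s:<subject>" followed by "   i:<issuer>".
        /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
        /^ *i:/        { sub(/^ *i:/, ""); selfsigned = ($0 == subject); next }
        /^-----BEGIN CERTIFICATE-----/ { inpem = 1; pem = "" }
        inpem          { pem = pem $0 "\n" }
        /^-----END CERTIFICATE-----/ {
            inpem = 0
            if (selfsigned && !found) {
                printf "%s", pem > out
                print subject
                found = 1
            }
            selfsigned = 0
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed transcript: placeholder PEM bodies, hypothetical CA name.
sample_transcript() {
    cat <<'EOF'
Certificate chain
 0 s:/CN=github.com
   i:/O=Example Corp/CN=Example Proxy Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:/O=Example Corp/CN=Example Proxy Root CA
   i:/O=Example Corp/CN=Example Proxy Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOT
-----END CERTIFICATE-----
EOF
}

# Usage against a live server (assumes a direct connection is possible):
#   openssl s_client -showcerts -connect github.com:443 </dev/null >chain.txt
#   extract_self_signed chain.txt root.pem
#   openssl x509 -in root.pem -noout -subject -fingerprint -sha256
#   git -c http.sslCAInfo=root.pem clone https://github.com/square/haha.git
```

Compare the printed SHA-256 fingerprint with one obtained from whoever operates that CA before passing the file to git, since trusting it lets its holder issue a certificate for github.com that git will accept.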