
Unable to access GitLab: SSL certificate has expired


In Visual Studio, I'm trying to pull some changes from the repository on GitLab, but it gives me an error:

Git failed with a fatal error.
unable to access https://gitlab...git/: SSL certificate problem: certificate has expired

How can I generate a new certificate and add it to VS? I don't have any experience with GitLab.


Solution

  • Visual Studio should be using Git for Windows.

    If you can export the certificate chain of your private GitLab server, you can add it to the ca-bundle.crt file in your git folder, in C:\path\to\Git\usr\ssl\certs.

    Update Sept. 2021: Let's Encrypt cross-signed DST Root CA X3 expired a few days ago: see here for more.


    March 2022: as Mohammed S. Al Sahaf noted on Twitter, the top upvoted answer (git config --global http.sslVerify "false") is rarely, if ever, a good option.

    Git (technically OpenSSL) is confused because Let's Encrypt's old root is expired (see: "Let's Encrypt's Root Certificate is expiring!" from Scott Helme, founder of @securityheaders/@reporturi, Pluralsight author).

    That is not a good excuse to disable the validation!

    On Windows, only clients with OpenSSL <= 1.0.2 or Windows < XP SP3 would trust only the IdenTrust DST Root CA X3 certificate.

    See also "Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2" from Tomáš Mráz (t8m).

    For private instances of GitLab, integrated with Let's Encrypt, the expiration of the Let's Encrypt certificate can matter.

    In any case, do not remove http.sslVerify.
    Add the right certificate to your trust store (after double-checking its validity/origin).
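
One way to do the "double-checking" step before appending an exported chain to ca-bundle.crt, as an added example that is not part of the original answer: it prints each certificate's SHA-256 fingerprint for out-of-band comparison and flags entries that are expired or are not CA certificates. The function names, the command-line argument (path to the exported PEM chain) and the sample records are assumptions made for illustration.

```python
import hashlib
import re
import ssl
import sys
import time

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
# Constructed sample records in the shape inspect() returns (no real fingerprints).
SAMPLES = [
    {"sha256": "<placeholder>", "is_ca": True, "notAfter": "Sep 30 14:01:15 2021 GMT"},
    {"sha256": "<placeholder>", "is_ca": True, "notAfter": "Jun  4 11:04:38 2035 GMT"},
    {"sha256": "<placeholder>", "is_ca": False},
]

def split_pem(text):
    """Return every PEM certificate block in an exported chain or bundle."""
    return PEM_RE.findall(text)

def inspect(pem):
    """Decode one PEM certificate offline, using only the standard library."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # empty store, no system roots
    ctx.load_verify_locations(cadata=pem)
    decoded = ctx.get_ca_certs()                   # lists CA certificates only
    der = ssl.PEM_cert_to_DER_cert(pem)
    info = {"sha256": hashlib.sha256(der).hexdigest(), "is_ca": bool(decoded)}
    if decoded:
        info["subject"] = decoded[0]["subject"]
        info["notAfter"] = decoded[0]["notAfter"]
    return info

def verdict(info, now=None):
    """Say whether a certificate is fit to be considered for the trust store."""
    now = time.time() if now is None else now
    if not info["is_ca"]:
        return "skip: not a CA certificate"
    if ssl.cert_time_to_seconds(info["notAfter"]) <= now:
        return "skip: expired"
    return "candidate: compare fingerprint out of band"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the exported chain (PEM)
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            records = [inspect(p) for p in split_pem(fh.read())]
    else:
        records = SAMPLES
    for rec in records:
        print(rec["sha256"], rec.get("subject", ""), verdict(rec))
```

Only entries reported as candidates, and whose fingerprint matches what the server's administrator publishes, belong in the bundle; http.sslVerify stays enabled throughout.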