How can I make git accept a self signed certificate?

[Originally posted by]: http://stackoverflow.com/questions/11621768/how-can-i-make-git-accept-a-self-signed-certificate

To permanently accept a specific certificate, try http.sslCAPath or http.sslCAInfo. Adam Spiers’s answer gives some great examples. This is the most secure solution to the question.

To disable TLS/SSL verification for a single git command, try passing -c to git with the proper config variable, or use Flow’s answer:

git -c http.sslVerify=false clone https://domain.com/path/to/git

To disable SSL verification for that singular repository, assuming it’s completely under your control, you can try:

git config http.sslVerify false

Disabling TLS(/SSL) certificate verification globally is a terribly insecure practice. Don’t do it. Do not issue the above command with a --global modifier.

There are quite a few SSL configuration options in git. From the man page of git config:

http.sslVerify
    Whether to verify the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_NO_VERIFY environment variable.

http.sslCAInfo
    File containing the certificates to verify the peer with when fetching or pushing
    over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.

http.sslCAPath
    Path containing files with the CA certificates to verify the peer with when
    fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CAPATH environment variable.

A few other useful SSL configuration options:

http.sslCert
    File containing the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CERT environment variable.

http.sslKey
    File containing the SSL private key when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_KEY environment variable.

http.sslCertPasswordProtected
    Enable git's password prompt for the SSL certificate. Otherwise OpenSSL will
    prompt the user, possibly many times, if the certificate or private key is encrypted.
    Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment variable.
shareedit
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s