问题 (Question)
I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows message error as below.
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none我可以把用SSH克隆项目,但它不工作的时候,我克隆项目 HTTPS。它显示消息错误。
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none最佳答 (Best Answer)
You need to check the web certificate used for your gitLab server, and add it to your </git_intallation_folder>/bin/curl-ca-bundle.crt.
To check if at least the clone works without checking said certificate, you can set:
export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverifyBut that would be for testing only, as illustrated in "SSL works with browser, wget, and curl, but fails with git", or in this blog post.
Check your GitLab settings, a in issue 4272.
To get that certificate (that you would need to ad to your curl-ca-bundle.crt file), type a:
echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'To check the CA (Certificate Authority issuer), type a:
echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1Findekano adds in the comments:
to identify the location of
curl-ca-bundle.crt, you could use the command
curl-config --ca你需要检查你的gitlab用于Web服务器的证书,并将其添加到你的</git_intallation_folder>/bin/curl-ca-bundle.crt。
要检查是否至少克隆作品没有检查证书,您可以设置:
export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverify但是,将仅用于测试,如图”SSL与浏览器,wget,卷曲,但不能使用Git“,或在这博客。
检查你的gitlab设置,在问题4272。
获取证书(你需要为你的广告curl-ca-bundle.crt文件),A型:
echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'检查CA(证书颁发机构发行),A型:
echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1确定的位置
curl-ca-bundle.crt,你可以使用命令
curl-config --ca答 (Answer) 2
Open your terminal and run following command:
export GIT_SSL_NO_VERIFY=1It works for me and I am using Linux system.
打开终端运行以下命令:
export GIT_SSL_NO_VERIFY=1我的作品,我使用Linux系统。
答 (Answer) 3
Another cause of this problem might be that your clock might be off. Certificates are time sensitive.
这个问题的另一个原因可能是,你的时钟可能离。证书是敏感的时间。
答 (Answer) 4
GIT_CURL_VERBOSE=1 git [clone|fetch]…should tell you where the problem is. In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS (#726116 #804215 #402712 and more).
GIT_CURL_VERBOSE=1 git [clone|fetch]…应该告诉你是哪里的问题。在我的情况下,这是由于卷曲不支持PEM证书时,靠NSS,由于支持不是主线在NSS(# 726116 # 804215 # 402712 和 更多)。
