server certificate verification failed. CAfile: /e

問題 (Question)

I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows message error as below.

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

我能夠把用SSH克隆項目，但它不工做的時候，我克隆項目 HTTPS。它顯示消息錯誤。

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

最佳答 (Best Answer)

You need to check the web certificate used for your gitLab server, and add it to your </git_intallation_folder>/bin/curl-ca-bundle.crt.

To check if at least the clone works without checking said certificate, you can set:

export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverify

But that would be for testing only, as illustrated in "SSL works with browser, wget, and curl, but fails with git", or in this blog post.

Check your GitLab settings, a in issue 4272.

---

To get that certificate (that you would need to ad to your curl-ca-bundle.crt file), type a:

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

To check the CA (Certificate Authority issuer), type a:

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1

---

Findekano adds in the comments:

to identify the location of curl-ca-bundle.crt, you could use the command

curl-config --ca

你須要檢查你的gitlab用於Web服務器的證書，並將其添加到你的</git_intallation_folder>/bin/curl-ca-bundle.crt。

要檢查是否至少克隆做品沒有檢查證書，您能夠設置：

export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverify

可是，將僅用於測試，如圖」SSL與瀏覽器，wget，捲曲，但不能使用Git「，或在這博客。

檢查你的gitlab設置，在問題4272。

---

獲取證書（你須要爲你的廣告curl-ca-bundle.crt文件），A型：

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

檢查CA（證書頒發機構發行），A型：

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1

---

findekano增長了在評論：

肯定的位置curl-ca-bundle.crt，你能夠使用命令

curl-config --ca

答 (Answer) 2

Open your terminal and run following command:

export GIT_SSL_NO_VERIFY=1

It works for me and I am using Linux system.

打開終端運行如下命令：

export GIT_SSL_NO_VERIFY=1

個人做品，我使用Linux系統。

答 (Answer) 3

Another cause of this problem might be that your clock might be off.  Certificates are time sensitive.

這個問題的另外一個緣由多是，你的時鐘可能離。證書是敏感的時間。

答 (Answer) 4

GIT_CURL_VERBOSE=1 git [clone|fetch]…

should tell you where the problem is.  In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS (#726116 #804215 #402712 and more).

GIT_CURL_VERBOSE=1 git [clone|fetch]…

應該告訴你是哪裏的問題。在個人狀況下，這是因爲捲曲不支持PEM證書時，靠NSS，因爲支持不是主線在NSS（# 726116 # 804215 # 402712 和 更多）。