SourceTree and Stash: Unable to get local issuer certificate
We have Atlassian Stash installed on a windows 2k8 r2 server, and for the most part everything is working nicely. We have a SSL certificate issued by our local on-premise CA and a DNS entry set up so we can go to
https://stash/ and it works quite nicely except in Firefox where it throws a warning (related?).
When using Atlassian’s SourceTree we can navigate and choose a repository, but when we try to clone it we get the following error:
fatal: unable to access
certificate problem: unable to get local issuer certificate
I get the same error if I try if from the git bash as well. Based on this error, I’ve tried following the instructions on adding the SSL certificate to the Git as also found on their website, including what is in the comments, to no avail. I have exported the cert through firefox and through the mmc certificate snapin, gotten the same results and put it in it’s own file, combined with the curl file, and no matter what keep getting this error. I have yet to try getting it to work with SSH keys yet since I was hoping to make this easier for my team.
I also tried using ssh myserver and accepting the connection, and I entered my password and restarted, still the same error.
I do not want to simply ignore certificate validation either, since that seems a bit pointless, then.
I have tried various other solutions found on SO, but have made zero headway. How can I get this working with our CA-issued cert?
2 Solutions collect form web for “SourceTree and Stash: Unable to get local issuer certificate”
I just disabled SSL certificate checks (which is fine for internal repos):
Tools > Options > Git > Disable SSL certificate validation (ticked)
After working with a peer who had been out until today, the revelation is that I had been using ONLY the certificate for the server itself. My [faulty] understanding of all the articles was that, similar to handling self-signed certs, you just tell Git to trust this cert. This is not the case for us.
Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust. I swear I tried that early last week when this all first started, but to my shame I must not have.
Let this be a warning for anyone else who find themselves in my position!