server certificate verification failed. CAfile: /e

时间 2019-11-21

标签 server certificate verification failed cafile 繁體版

原文原文链接

问题 (Question)

I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows message error as below.php

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

我能够把用SSH克隆项目，但它不工做的时候，我克隆项目 HTTPS。它显示消息错误。html

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

最佳答 (Best Answer)

You need to check the web certificate used for your gitLab server, and add it to your </git_intallation_folder>/bin/curl-ca-bundle.crt.git

To check if at least the clone works without checking said certificate, you can set:github

export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverify

But that would be for testing only, as illustrated in "SSL works with browser, wget, and curl, but fails with git", or in this blog post.web

Check your GitLab settings, a in issue 4272.浏览器

To get that certificate (that you would need to ad to your curl-ca-bundle.crt file), type a:服务器

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

To check the CA (Certificate Authority issuer), type a:ssh

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1

Findekano adds in the comments:curl

to identify the location of curl-ca-bundle.crt, you could use the commandide

curl-config --ca

你须要检查你的gitlab用于Web服务器的证书，并将其添加到你的</git_intallation_folder>/bin/curl-ca-bundle.crt。

要检查是否至少克隆做品没有检查证书，您能够设置：

export GIT_SSL_NO_VERIFY=1#orgit config --global http.sslverify

可是，将仅用于测试，如图”SSL与浏览器，wget，卷曲，但不能使用Git“，或在这博客。

检查你的gitlab设置，在问题4272。

获取证书（你须要为你的广告curl-ca-bundle.crt文件），A型：

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

检查CA（证书颁发机构发行），A型：

echo -n | openssl s_client -showcerts -connect yourGitLabServer:YourHttpGilabPort 2>/dev/null  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1

findekano增长了在评论：

肯定的位置curl-ca-bundle.crt，你能够使用命令

curl-config --ca

答 (Answer) 2

Open your terminal and run following command:

export GIT_SSL_NO_VERIFY=1

It works for me and I am using Linux system.

打开终端运行如下命令：

export GIT_SSL_NO_VERIFY=1

个人做品，我使用Linux系统。

答 (Answer) 3

Another cause of this problem might be that your clock might be off. Certificates are time sensitive.

这个问题的另外一个缘由多是，你的时钟可能离。证书是敏感的时间。

答 (Answer) 4

GIT_CURL_VERBOSE=1 git [clone|fetch]…

should tell you where the problem is. In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS (#726116 #804215 #402712 and more).

GIT_CURL_VERBOSE=1 git [clone|fetch]…

应该告诉你是哪里的问题。在个人状况下，这是因为卷曲不支持PEM证书时，靠NSS，因为支持不是主线在NSS（# 726116 # 804215 # 402712 和更多）。