When interacting with a Git server that uses a self-signed certificate, you may encounter SSL certificate errors because Git does not trust self-signed certificates by default. To make Git accept self-signed certificates, you can use the following methods:
1. Use the http.sslCAInfo or http.sslCAPath configuration option
Tell Git which CA to trust for the server's self-signed certificate by pointing http.sslCAInfo at a CA certificate file, or http.sslCAPath at a folder of CA certificates, in the Git configuration. This makes Git trust all certificates issued by the specified CA.
```bash
# Specify CA certificate file
git config --global http.sslCAInfo /path/to/ca-bundle.crt

# Or specify a folder containing multiple CA certificates
git config --global http.sslCAPath /path/to/cert/folder
```
This method is secure as it only trusts the specified CA certificate.
2. Use http.sslVerify to disable SSL verification
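If you need to temporarily bypass SSL certificate verification, set http.sslVerify to false. With --global, as shown here, the setting applies to every repository the user accesses over HTTPS, not only the one with the self-signed certificate.
```bash
git config --global http.sslVerify false
```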
Warning: Although this method is simple, it is not recommended for production environments as it makes your Git client vulnerable to man-in-the-middle attacks.
3. Use the environment variable GIT_SSL_NO_VERIFY
When executing Git commands, temporarily disable SSL certificate verification by setting the environment variable GIT_SSL_NO_VERIFY.
```bash
# On Linux or Mac
export GIT_SSL_NO_VERIFY=true
git clone https://your-repo-url

# On Windows
set GIT_SSL_NO_VERIFY=true
git clone https://your-repo-url
```
This method is suitable for temporary scenarios and is not recommended for long-term use.
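Methods 2 and 3 are easy to leave switched on after the temporary need has passed. The following added example (not part of the original page) scans `git config --list --show-origin` output and the environment for settings that disable certificate verification; the sample listing and the host git.example.internal are constructed placeholders.

```bash
# Reads `git config --list --show-origin` output on stdin ("<origin>\t<key>=<value>";
# plain `--list` output works too) and prints each entry that disables verification,
# globally (http.sslVerify) or for one URL (http.<url>.sslVerify).
# Returns 1 if any such entry was found, 0 otherwise.
find_disabled_sslverify() {
  awk '
    {
      kv = $0
      tab = index(kv, "\t")                  # drop the origin column if present
      if (tab) kv = substr(kv, tab + 1)
      eq = index(kv, "=")
      if (eq == 0) next                      # a bare key means "true"
      key = tolower(substr(kv, 1, eq - 1))
      val = tolower(substr(kv, eq + 1))
      # Git reads false, no, off, 0 and the empty string as boolean false.
      if (key ~ /^http\.(.*\.)?sslverify$/ && (val == "" || val ~ /^(false|no|off|0)$/)) {
        print; found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Git checks only whether GIT_SSL_NO_VERIFY is set, not what it contains,
# so GIT_SSL_NO_VERIFY=false also disables verification.
env_disables_verify() {
  [ -n "${GIT_SSL_NO_VERIFY+set}" ]
}

# Audit the current user's effective configuration and environment (needs git).
audit_git_tls() {
  audit_rc=0
  git config --list --show-origin | find_disabled_sslverify || audit_rc=1
  if env_disables_verify; then
    echo "GIT_SSL_NO_VERIFY is set in this environment"
    audit_rc=1
  fi
  return "$audit_rc"
}

# Constructed sample listing (not real output); git.example.internal is a placeholder.
constructed_sample() {
  printf 'file:/home/dev/.gitconfig\thttp.sslverify=false\n'
  printf 'file:/home/dev/.gitconfig\thttp.sslcainfo=/path/to/ca-bundle.crt\n'
  printf 'file:.git/config\thttp.https://git.example.internal/.sslverify=0\n'
  printf 'file:.git/config\thttp.sslverify=true\n'
}

constructed_sample | find_disabled_sslverify || echo "verification is disabled by the entries above"
```

On a real workstation, run `audit_git_tls` from inside a repository so that system, global and repository-level settings are all listed with the file they come from.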
4. Add the self-signed certificate to the system's trusted certificate store
Add your self-signed certificate to the operating system's trusted certificate store so that Git and other applications trust it. The specific steps vary by operating system.
For example, on Windows, import the certificate into "Trusted Root Certification Authorities" via "Manage Computer Certificates".
On Linux, copy the certificate to /usr/local/share/ca-certificates/ and then run update-ca-certificates.
Summary
Among the above methods, it is recommended to use the first method—configuring Git to specify the CA certificate—as it is the safest approach. Other methods, while simple, may introduce security risks. Choose the appropriate method based on your specific situation.