如何在cygwin上的git中添加企业证书颁发机构（CA）（和一些Linux发行版） [英] How to add an enterprise certificate authority (CA) to git on cygwin (and some linux distros)

问题描述

在Cygwin上使用git进行获取时，您将得到：

When fetching with git on Cygwin you get:

Fetching origin
fatal: unable to access 'https://.../...git': SSL certificate problem: self signed certificate in certificate chain
error: Could not fetch origin

证书已添加到 /etc/ssl/certs/ca-bundle.crt 和其他捆绑文件，但是在下一次Cygwin更新时，问题再次出现。

The certificate was added to /etc/ssl/certs/ca-bundle.crt and other bundle files, but on the next Cygwin update the problem reappeared.

推荐答案

git-remote-https 将读取以下文件以获取ca证书：

git-remote-https will read the following files for ca certificates:

/etc/ssl/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

如果您编辑这些文件，它们将是每次运行Cygwin设置时，该值都会被覆盖，并且 ca证书软件包。

If you edit these files, they will be overwritten each time the Cygwin setup is run and there is an update for the ca-certificates package.

正确/ proper解决方案是将证书添加到提取目录并运行提取脚本update-ca-trust：

The correct/proper solution is to add the certificate to the pick up directory and run the pickup script, update-ca-trust:

curl -sL http://ca.pdinc.us  > /etc/pki/ca-trust/source/anchors/ca.pdinc.us.pem \
&& update-ca-trust

ca-certificates软件包的安装后脚本将自动重新运行更新-每次升级都使用ca-trust脚本。有关更多信息：

The post install script for the ca-certificates package will automatically rerun the update-ca-trust script on every upgrade. For more information:

man update-ca-trust

这篇关于如何在cygwin上的git中添加企业证书颁发机构（CA）（和一些Linux发行版）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！