SourceTree 和 Stash:无法获得本地颁发者证书 [英] SourceTree and Stash: Unable to get local issuer certificate
问题描述
我们在 Windows 2008R2 服务器上安装了 Atlassian Stash,在大多数情况下,一切运行良好.我们有一个由本地本地 CA 颁发的 SSL 证书和一个 DNS 条目设置,因此我们可以转到 https://stash/ 并且它运行得非常好,除了在 Firefox 中它抛出一个警告(相关?).
We have Atlassian Stash installed on a Windows 2008R2 server, and for the most part everything is working nicely. We have an SSL certificate issued by our local on-premise CA and a DNS entry set up so we can go to https://stash/ and it works quite nicely, except in Firefox where it throws a warning (related?).
当使用 Atlassian 的 Sourcetree 时,我们可以导航并选择一个存储库,但是当我们尝试克隆它时,我们收到以下错误:
When using Atlassian's Sourcetree we can navigate and choose a repository, but when we try to clone it we get the following error:
致命:无法访问https://user@url/scm/etc/etc.git:SSL证书问题:无法获取本地颁发者证书
fatal: unable to access
https://user@url/scm/etc/etc.git: SSL certificate problem: unable to get local issuer certificate
如果我也从 git bash 尝试 if ,我也会得到同样的错误.基于这个错误,我试过 按照说明将 SSL 证书添加到 Git 中作为 也在他们的网站上找到,包括评论中的内容,都无济于事.我已经通过 Firefox 和 MMC 证书管理单元导出了证书,得到了相同的结果并将其放入自己的文件中,与 curl 文件结合使用,无论如何都会出现此错误.我还没有尝试让它与 SSH 密钥一起工作,因为我希望让我的团队更容易.
I get the same error if I try if from the git bash as well. Based on this error, I've tried following the instructions on adding the SSL certificate to the Git as also found on their website, including what is in the comments, to no avail. I have exported the cert through Firefox and through the MMC certificate snap-in, gotten the same results and put it in its own file, combined with the curl file, and no matter what keep getting this error. I have yet to try getting it to work with SSH keys yet since I was hoping to make this easier for my team.
我也尝试使用 ssh myserver 并接受连接,然后我输入密码并重新启动;还是一样的错误.
I also tried using ssh myserver and accepting the connection, and I entered my password and restarted; still the same error.
我也不想简单地忽略证书验证,因为那看起来有点毫无意义.
I do not want to simply ignore certificate validation either, since that seems a bit pointless, then.
我怎样才能使用我们的 CA 颁发的证书进行这项工作?
How can I get this working with our CA-issued cert?
推荐答案
在与一位直到今天外出的同行合作后,发现我一直只使用服务器本身的证书.我对所有文章的 [错误] 理解是,类似于处理自签名证书,您只需告诉 Git 信任该证书.对我们来说,情况并非如此.
After working with a peer who had been out until today, the revelation is that I had been using ONLY the certificate for the server itself. My [faulty] understanding of all the articles was that, similar to handling self-signed certs, you just tell Git to trust this cert. This is not the case for us.
相反,我应该导出并告诉 Git 信任的是来自我们域的根 CA 证书.我发誓我上周早些时候在这一切刚开始的时候就尝试过,但很遗憾我一定没有.
Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust. I swear I tried that early last week when this all first started, but to my shame I must not have.
让这对任何发现自己处于我的位置的人发出警告!
Let this be a warning for anyone else who find themselves in my position!
这篇关于SourceTree 和 Stash:无法获得本地颁发者证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
