添加自签名SSL证书而不禁用授权签名的证书 [英] Adding self-signed SSL certificate without disabling authority-signed ones

问题描述

我有一个使用自签名证书通过https工作的企业git服务器。本地克隆包含两个远程 - 指向该服务器的源，另一个指向github。
默认情况下从原点拉出失败：

  $ git pull 
致命：无法访问'https ：//user@code.example.com/git/fizzbuzz.git/'：SSL证书问题：自签名证书
  

github远程工作正常。

有两种常用的解决方案：

  git config http.sslVerify false 
  

这是一个坏主意，在建议配置Git接受特定https远端的特定自签名服务器证书：

  git config http.sslCAInfo<下载证书> .pem 
  

修正了从原点拉出，但是破坏了github remote：

  $ git pull github 
致命：无法访问'https://github.com/us er / fizzbuzz.git /'：SSL证书问题：无法获得本地发行者证书
  

如何制作如果你正在使用git 1.8.5+（2013年8月），那么从企业服务器上拉动工作而不会从github中拉出来？解析方案

，您可以为每个网址（！）指定http指令。

在你的情况下：

  git config http。https://code.example.com/.sslVerify false 
  

这将取消ssl验证，仅用于 code.example.com url，而不是其他的。

或者：

  git config http。https：// code.example.com/.sslCAInfo<下载的证书> .pem 
  

同样的想法： sslCAInfo 将指向<下载的证书> .pem 仅用于 code.example.com urls。



可以在git系统证书库中添加证书，该证书使用 git-for-windows ，位于 C：\path\to\PortableGit- 2.6.1- 64-bit \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\包含内部证书的发行版。


I have a corporate git server working through https using self-signed certificate. The local clone contains two remotes — the origin pointing to that server, and another pointing to github. By default pulling from the origin fails:

$ git pull
fatal: unable to access 'https://user@code.example.com/git/fizzbuzz.git/': SSL certificate problem: self signed certificate

The github remote works fine.

There are two often-suggested solutions:

git config http.sslVerify false

which is a bad idea, and the one suggested at configure Git to accept a particular self-signed server certificate for a particular https remote:

git config http.sslCAInfo <downloaded certificate>.pem

which fixes pulling from origin, but break the github remote:

$ git pull github
fatal: unable to access 'https://github.com/user/fizzbuzz.git/': SSL certificate problem: unable to get local issuer certificate

How to make pulling from the corporate server work without breaking pulling from github?

解决方案

If you are using git 1.8.5+ (August 2013), you can specify http directives per url(!).

In your case:

git config http."https://code.example.com/".sslVerify false

That would cancel ssl verification, only for code.example.com url, not for the other ones.

Or:

git config http."https://code.example.com/".sslCAInfo <downloaded certificate>.pem

Same idea: sslCAInfo would point to <downloaded certificate>.pem only for code.example.com urls.

It is possible to add your certificate in the git system certificate store, which, with git-for-windows, in C:\path\to\PortableGit-2.6.1-64-bit\usr\ssl\certs\ca-bundle.crt.
It isn't the best practice though, unless you have to distribute a git distro with internal certificates in it.

这篇关于添加自签名SSL证书而不禁用授权签名的证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！