添加自签名SSL证书而不禁用授权签名的证书 [英] Adding self-signed SSL certificate without disabling authority-signed ones
问题描述
我有一个使用自签名证书通过https工作的企业git服务器。本地克隆包含两个远程 - 指向该服务器的源,另一个指向github。
默认情况下从原点拉出失败:
$ git pull
致命:无法访问'https ://user@code.example.com/git/fizzbuzz.git/':SSL证书问题:自签名证书
github远程工作正常。
有两种常用的解决方案:
git config http.sslVerify false
这是一个坏主意,在建议配置Git接受特定https远端的特定自签名服务器证书:
git config http.sslCAInfo<下载证书> .pem
修正了从原点拉出,但是破坏了github remote:
$ git pull github
致命:无法访问'https://github.com/us er / fizzbuzz.git /':SSL证书问题:无法获得本地发行者证书
如何制作如果你正在使用git 1.8.5+(2013年8月),那么从企业服务器上拉动工作而不会从github中拉出来?解析方案
,您可以为每个网址(!)指定http指令。
在你的情况下:
git config http。https://code.example.com/.sslVerify false
这将取消ssl验证,仅用于 code.example.com
url,而不是其他的。
或者:
git config http。https:// code.example.com/.sslCAInfo<下载的证书> .pem
同样的想法: 可以在git系统证书库中添加证书,该证书使用 git-for-windows ,位于 I have a corporate git server working through https using self-signed certificate. The local clone contains two remotes — the origin pointing to that server, and another pointing to github.
By default pulling from the origin fails: The github remote works fine. There are two often-suggested solutions: which is a bad idea, and the one suggested at configure Git to accept a particular self-signed server certificate for a particular https remote: which fixes pulling from origin, but break the github remote: How to make pulling from the corporate server work without breaking pulling from github? If you are using git 1.8.5+ (August 2013), you can specify http directives per url(!). In your case: That would cancel ssl verification, only for Or: Same idea: It is possible to add your certificate in the git system certificate store, which, with git-for-windows, in 这篇关于添加自签名SSL证书而不禁用授权签名的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! sslCAInfo
将指向<下载的证书> .pem
仅用于 code.example.com
urls。
C:\path\to\PortableGit- 2.6.1- 64-bit \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\包含内部证书的发行版。
$ git pull
fatal: unable to access 'https://user@code.example.com/git/fizzbuzz.git/': SSL certificate problem: self signed certificate
git config http.sslVerify false
git config http.sslCAInfo <downloaded certificate>.pem
$ git pull github
fatal: unable to access 'https://github.com/user/fizzbuzz.git/': SSL certificate problem: unable to get local issuer certificate
git config http."https://code.example.com/".sslVerify false
code.example.com
url, not for the other ones. git config http."https://code.example.com/".sslCAInfo <downloaded certificate>.pem
sslCAInfo
would point to <downloaded certificate>.pem
only for code.example.com
urls.C:\path\to\PortableGit-2.6.1-64-bit\usr\ssl\certs\ca-bundle.crt
.
It isn't the best practice though, unless you have to distribute a git distro with internal certificates in it.