在Windows 7上使用git为GitHub提供https证书错误 [英] Https certificate errors for GitHub using git on Windows 7
问题描述
目前,我得到这个错误:
$ git clone https://github.com/square/haha.git
克隆到'哈哈'...
致命:无法访问'https://github.com/square/haha.git/':SSL证书问题:证书链中的自签名证书
我在Windows 7机器上。我了解到,Github的证书由DigiCert签署。如果我查看受信任的根证书颁发机构>证书,我会看到颁发给DigiCert的证书:
DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert高保证EV根CA
DigiCert受信任的根G4
GitHub证书包含在一个这些?
如果是这样,我该如何使用它?如果不是我怎么得到它?
编辑 - 更多信息:
我可以将sslVerify设置为false并且它可以工作,但这不是安全的当然。
我可以使用git://而不是https://。这也适用,但不是https。
我无法使用SSH,因为此环境没有设置代理。
使用ssh:
$ git克隆ssh://github.com/square/haha.git
克隆到'haha'中...
D:/ Program Files / Git / usr / bin / bash:-c:第0行:语法错误在意外标记附近'<'
D:/ Program Files / Git / usr / bin / bash:-c:第0行:`exec corkscrew< proxyhost> < proxyport> ssh.github.com 443〜/ .ssh / proxy_auth'
写入:损坏的管道
致命:无法从远程存储库读取。
请确保您拥有正确的访问权限
并存在存储库。
这个想法是下载自签名证书,并在克隆期间引用它:
git -c http.sslCAInfo = / path / to / self / signed / cert clone https ://github.com/square/haha.git
例如,您可以使用 iwonbigbro / tools / bin / git- remote-install-cert.sh
到:
-
下载所述证书(包括
openssl s_client -connect
$ p $
注册该证书:
git config --global http .sslCAPath$ HOME / .gitcerts
(这里 $ HOME / .gitcerts
是一个可以通过git找到所有证书的目录)
,因为它被称为 git-re mote-install-cert.sh
,由 git remote-install-cert
执行(甚至在Windows上)。
我会推荐使用最新的 PortableGit-2.5.1-64-bit.7z.exe
,在任何地方解压缩(如 C:\prgs\PortableGit-2.5.1-64-位
)。
然后调用 C:\prgs\PortableGit-2.5.1-64-bit\git-bash.exe
,检查 $ PATH
和尝试 git remote-install-cert
。
一个简单的DOS会话,带有 PATH
包括 C:\prgs\bin
:
(它还包含 C:\prgs\PortableGit-2.5.1-64-bit\bin
,这意味着我在这里使用git 2.5.0)
- 创建一个文件
C:\prgs\bin\git-remote-install-cert
在其中复制iwonbigbro / tools / bin / git- remote-install-cert.sh
(所以在最终的本地脚本文件名中没有尾随.sh
) - 将第111行从
mkdir -m 0700 -p $ {cert%/ *}
更改为mkdir -p $ {cert %/ *}
(不需要改变第37行) -
进入现有的仓库。一个,并添加远程起源网址:
(当然,调整路径到您的环境)
pre $cd C:\ Users \ vonc\prog
git init b2d
cd b2d
git remote add origin https://github.com/VonC/b2d
-
最后,从该回购库中调用脚本
C:\Users\vonc\prog\b2d> git remote-install-cert
从服务器请求证书...
证书安装到: /c/Users/vonc/.gitcerts/github.com.crt
这会为您提供证书:
C:\Users\vonc\prog\b2d>类型C:\ Users \ vonc\.gitcerts\github .com.crt
----- BEGIN CERTIFICATE -----
MIIF4DCCBMigAwIBAgIQDACTENIG2 + M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy
MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx
....
从那里开始,仍在该回购协议中,使用该证书获取:
cd C:\ Users \ vonc\prog\b2d
git config http.sslcapath C:\ Users \ vonc \.gitcert s
git fetch
git checkout master
Currently, I get this error:
$ git clone https://github.com/square/haha.git
Cloning into 'haha'...
fatal: unable to access 'https://github.com/square/haha.git/': SSL certificate problem: self signed certificate in certificate chain
I am on a Windows 7 machine. I've learned that Github's certificate is signed by DigiCert. If I look in Trusted Root Certification Authorities > Certificates, I see certificates Issued To DigiCert:
DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4
Is the GitHub certificate contained within one of these? If so, how do I use it? If not how do I get it?
Edit - more info:
I can set sslVerify to false and it works, but this is not secure of course.
I can use git:// instead of https://. This also works, but is not https.
I CANNOT USE SSH as this environment does not have proxies set up. Using ssh:
$ git clone ssh://github.com/square/haha.git
Cloning into 'haha'...
D:/Program Files/Git/usr/bin/bash: -c: line 0: syntax error near unexpected token `<'
D:/Program Files/Git/usr/bin/bash: -c: line 0: `exec corkscrew <proxyhost> <proxyport> ssh.github.com 443 ~/.ssh/proxy_auth'
write: Broken pipe
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The idea is to download the self-signed certificate, and reference it during the clone:
git -c http.sslCAInfo=/path/to/self/signed/cert clone https://github.com/square/haha.git
For instance, you can use iwonbigbro/tools/bin/git-remote-install-cert.sh
to:
download said certificates (including the self-signed one)
openssl s_client -connect
register that certificate:
git config --global http.sslCAPath "$HOME/.gitcerts"
(here $HOME/.gitcerts
is a directory in which all certificates can be found by git)
That tool, since it is called git-remote-install-cert.sh
, is executed by a git remote-install-cert
(even on Windows).
I would recommend though to use the latest PortableGit-2.5.1-64-bit.7z.exe
, uncompressed anywhere (like in C:\prgs\PortableGit-2.5.1-64-bit
).
Then call C:\prgs\PortableGit-2.5.1-64-bit\git-bash.exe
, check $PATH
and try git remote-install-cert
.
Example, in a simple DOS session, with a PATH
including C:\prgs\bin
:
(it also include C:\prgs\PortableGit-2.5.1-64-bit\bin
, which means I am using git 2.5.0 here)
- create a file
C:\prgs\bin\git-remote-install-cert
in which you copyiwonbigbro/tools/bin/git-remote-install-cert.sh
(so no trailing.sh
in the final local script file name) - Change the line 111 from
mkdir -m 0700 -p ${cert%/*}
tomkdir -p ${cert%/*}
(no need to change the line 37 though) Go into an existing repo.
Or create one, and add the remote origin url:
(Of course, adapt the path to your environment)cd C:\Users\vonc\prog git init b2d cd b2d git remote add origin https://github.com/VonC/b2d
Finally, call the script from that repo
C:\Users\vonc\prog\b2d>git remote-install-cert Requesting certificate from the server... Certificate installed to: /c/Users/vonc/.gitcerts/github.com.crt
That will give you the certificates:
C:\Users\vonc\prog\b2d>type C:\Users\vonc\.gitcerts\github.com.crt
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgIQDACTENIG2+M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy
MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx
....
From there, you can, still in that repo, fetch using that certificate:
cd C:\Users\vonc\prog\b2d
git config http.sslcapath C:\Users\vonc\.gitcerts
git fetch
git checkout master
这篇关于在Windows 7上使用git为GitHub提供https证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!