在Windows 7上使用git为GitHub提供https证书错误 [英] Https certificate errors for GitHub using git on Windows 7

查看:211
本文介绍了在Windows 7上使用git为GitHub提供https证书错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

目前,我得到这个错误: 

  $ git clone https://github.com/square/haha.git 
克隆到'哈哈'... 
致命:无法访问'https://github.com/square/haha.git/':SSL证书问题:证书链中的自签名证书

我在Windows 7机器上。我了解到,Github的证书由DigiCert签署。如果我查看受信任的根证书颁发机构>证书,我会看到颁发给DigiCert的证书: 

  DigiCert Assured ID Root CA 
 DigiCert Assured ID Root G2 
 DigiCert Assured ID Root G3 
 DigiCert Global Root CA 
 DigiCert Global Root G2 
 DigiCert Global Root G3 
 DigiCert高保证EV根CA 
 DigiCert受信任的根G4

GitHub证书包含在一个这些?
如果是这样,我该如何使用它?如果不是我怎么得到它?



编辑 - 更多信息:

我可以将sslVerify设置为false并且它可以工作,但这不是安全的当然。

我可以使用git://而不是https://。这也适用,但不是https。



我无法使用SSH,因为此环境没有设置代理。
使用ssh: 

  $ git克隆ssh://github.com/square/haha.git 
克隆到'haha'中... 
 D:/ Program Files / Git / usr / bin / bash:-c:第0行:语法错误在意外标记附近'<'
 D:/ Program Files / Git / usr / bin / bash:-c:第0行:`exec corkscrew< proxyhost> < proxyport> ssh.github.com 443〜/ .ssh / proxy_auth'
写入:损坏的管道
致命:无法从远程存储库读取。 
 
请确保您拥有正确的访问权限
并存在存储库。


解决方案

这个想法是下载自签名证书,并在克隆期间引用它: 

  git -c http.sslCAInfo = / path / to / self / signed / cert clone https ://github.com/square/haha.git

例如,您可以使用 iwonbigbro / tools / bin / git- remote-install-cert.sh 到:




  • 下载所述证书(包括

      openssl s_client -connect 
            
     
  •  
    注册该证书: 
     
     
      git config --global http .sslCAPath$ HOME / .gitcerts
          
     
    •


(这里 $ HOME / .gitcerts 是一个可以通过git找到所有证书的目录)



,因为它被称为 git-re mote-install-cert.sh ,由 git remote-install-cert 执行(甚至在Windows上)。



我会推荐使用最新的 PortableGit-2.5.1-64-bit.7z.exe ,在任何地方解压缩(如 C:\prgs\PortableGit-2.5.1-64-位)。

然后调用 C:\prgs\PortableGit-2.5.1-64-bit\git-bash.exe ,检查 $ PATH 和尝试 git remote-install-cert





一个简单的DOS会话,带有 PATH 包括 C:\prgs\bin

(它还包含 C:\prgs\PortableGit-2.5.1-64-bit\bin ,这意味着我在这里使用git 2.5.0)




  • 创建一个文件 C:\prgs\bin\git-remote-install-cert 在其中复制 iwonbigbro / tools / bin / git- remote-install-cert.sh (所以在最终的本地脚本文件名中没有尾随 .sh

  • 将第111行从 mkdir -m 0700 -p $ {cert%/ *} 更改为 mkdir -p $ {cert %/ *} (不需要改变第37行)

  • 进入现有的仓库。一个,并添加远程起源网址:

    (当然,调整路径到您的环境)

    pre $ cd C:\ Users \ vonc\prog
    git init b2d
    cd b2d
    git remote add origin https://github.com/VonC/b2d


  • 最后,从该回购库中调用脚本 

      C:\Users\vonc\prog\b2d> git remote-install-cert 
    从服务器请求证书... 
    证书安装到: /c/Users/vonc/.gitcerts/github.com.crt




这会为您提供证书:

  C:\Users\vonc\prog\b2d>类型C:\ Users \ vonc\.gitcerts\github .com.crt 
 ----- BEGIN CERTIFICATE ----- 
 MIIF4DCCBMigAwIBAgIQDACTENIG2 + M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1 
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 
 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk 
 IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy 
 MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB 
 BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF 
 Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx 
 ....

从那里开始,仍在该回购协议中,使用该证书获取: 

  cd C:\ Users \ vonc\prog\b2d 
 git config http.sslcapath C:\ Users \ vonc \.gitcert s 
 git fetch 
 git checkout master


Currently, I get this error:

$ git clone https://github.com/square/haha.git
Cloning into 'haha'...
fatal: unable to access 'https://github.com/square/haha.git/': SSL certificate problem: self signed certificate in certificate chain

I am on a Windows 7 machine. I've learned that Github's certificate is signed by DigiCert. If I look in Trusted Root Certification Authorities > Certificates, I see certificates Issued To DigiCert: 

DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4

Is the GitHub certificate contained within one of these? If so, how do I use it? If not how do I get it?

Edit - more info:
I can set sslVerify to false and it works, but this is not secure of course.
I can use git:// instead of https://. This also works, but is not https.

I CANNOT USE SSH as this environment does not have proxies set up. Using ssh:

    $ git clone ssh://github.com/square/haha.git
    Cloning into 'haha'...
    D:/Program Files/Git/usr/bin/bash: -c: line 0: syntax error near unexpected token `<'
    D:/Program Files/Git/usr/bin/bash: -c: line 0: `exec corkscrew <proxyhost> <proxyport> ssh.github.com 443 ~/.ssh/proxy_auth'
    write: Broken pipe
    fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

解决方案

The idea is to download the self-signed certificate, and reference it during the clone:

git -c http.sslCAInfo=/path/to/self/signed/cert clone https://github.com/square/haha.git

For instance, you can use iwonbigbro/tools/bin/git-remote-install-cert.sh to:

  • download said certificates (including the self-signed one)

    openssl s_client -connect

  • register that certificate:

    git config --global http.sslCAPath "$HOME/.gitcerts"

(here $HOME/.gitcerts is a directory in which all certificates can be found by git)

That tool, since it is called git-remote-install-cert.sh, is executed by a git remote-install-cert (even on Windows).

I would recommend though to use the latest PortableGit-2.5.1-64-bit.7z.exe, uncompressed anywhere (like in C:\prgs\PortableGit-2.5.1-64-bit).
Then call C:\prgs\PortableGit-2.5.1-64-bit\git-bash.exe, check $PATH and try git remote-install-cert.

Example, in a simple DOS session, with a PATH including C:\prgs\bin:
(it also include C:\prgs\PortableGit-2.5.1-64-bit\bin, which means I am using git 2.5.0 here)

  • create a file C:\prgs\bin\git-remote-install-cert in which you copy iwonbigbro/tools/bin/git-remote-install-cert.sh (so no trailing .sh in the final local script file name)
  • Change the line 111 from mkdir -m 0700 -p ${cert%/*} to mkdir -p ${cert%/*} (no need to change the line 37 though)

  • Go into an existing repo.
    Or create one, and add the remote origin url:
    (Of course, adapt the path to your environment)

    cd C:\Users\vonc\prog
git init b2d
cd b2d
git remote add origin https://github.com/VonC/b2d

  • Finally, call the script from that repo

    C:\Users\vonc\prog\b2d>git remote-install-cert
  Requesting certificate from the server...
  Certificate installed to: /c/Users/vonc/.gitcerts/github.com.crt

That will give you the certificates:

C:\Users\vonc\prog\b2d>type C:\Users\vonc\.gitcerts\github.com.crt
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgIQDACTENIG2+M3VTWAEY3chzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDQwODAwMDAwMFoXDTE2MDQxMjEy
MDAwMFowgfAxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
Ewc1MTU3NTUwMRcwFQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQx
....

From there, you can, still in that repo, fetch using that certificate:

cd C:\Users\vonc\prog\b2d
git config http.sslcapath C:\Users\vonc\.gitcerts
git fetch
git checkout master

这篇关于在Windows 7上使用git为GitHub提供https证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆