自签名SSL证书适用于Windows Server 2012，Bonobo Git Server [英] Self Signed SSL Certificate Use With Windows Server 2012, Bonobo Git Server

问题描述

我试图与我的工作站上使用Aptana Studio 3的Windows 2012服务器上托管的Bonobo Git repo进行通信。我遵循无数指南创建自签名SSL证书，使用open ssl，但仍无法连接到Git repo。以下是我遵循的步骤：
$ b

1. 在Win2012服务器内创建一个自签名SSL证书


2. 将证书分配给Bonobo Git服务器的https绑定


3. 在我的工作站上安装证书


4. 将证书放入我的\Aptana Studio 3 Workspace.metadata.plugins\com.aptana.portablegit.win32\ssl\certs文件夹
   
5. 使用http.sslCAinfo指向Git

之后，我尝试按照本指南创建自己的证书颁发机构，但无法找到允许Windows 2012服务器实际使用的方法使用Bonobo Git Server绑定生成的任何证书： $ b https://enterprise.github.com/help/articles/using-self-signed-ssl-certificates

我有一种感觉，我完全错了了解自签名SSL证书，以及如何在我的服务器和访问它们的工作站上设置它们。无论我做什么，尝试从Git执行推送时总是会出现以下错误：

错误：SSL证书问题，请验证CA证书是否正常。详细信息：
错误：14090086：SSL例程：SSL3_GET_SERVER_CERTIFICATE：访问https：xxx.xxx.xxx.xxx：xxxx时证书验证失败

我真的很喜欢了解我如何创建自签名SSL证书，将其安装在Windows 2012服务器上，将其设置为与Bonobo Git Server绑定一起使用，并成功连接到工作站的git repo。

解决方案

最终发现它。 $ b

除了您遵循的建议之外，还需要创建PFX，然后才能导入到IIS中经理（在您的服务器的根级别）。 使用说明。

总结

1. 创建您的CA证书。


2. 创建服务证书。注意：确保通用名称反映BonoboGit网站的域名。


3. 生成pfx。 （从我提供的链接中，不必担心-certfile参数）
   
4. 将此pfx复制到您的服务器上


5. 通过IIS管理器，Server证书，导入PFX，确保提供您在生成证书时提供的密码。


6. 对于您的网站，更改443的绑定以使用导入的pfx（您应该看到它）
   

完成工作。

编辑：哎呀差点忘了。然后你需要告诉GIT使用你的证书。

  git config --local http.sslCAInfo / path / to / your / cert / rootCA.crt 
  

如果您尚未设置存储库，则需要首先这样做。

  cd mygitrepo 
 git init 
 git config --local http.sslCAInfo / path / to / your / cert / rootCA.crt 
 git remote add origin https://git.yourserver.com 
 git pull master 
  

应该这样做。

I'm attempting to communicate with my Bonobo Git repo hosted on a Windows 2012 server using Aptana Studio 3 on my Workstation. I have followed countless guides on creating self signed SSL certificates, using open ssl and still am not able to connect to the Git repo. Here's the steps I have followed:

1. Create a self signed SSL certificate from within the Win2012 server
2. Assign the cert to the https binding of the Bonobo Git Server
3. Install that certificate on my workstation
4. Put the cert into my \Aptana Studio 3 Workspace.metadata.plugins\com.aptana.portablegit.win32\ssl\certs folder
5. Point Git to it using http.sslCAinfo

After that failed, I then attempted to follow this guide to create my own certificate authority, but wasn't able to find a way to allow the windows 2012 server to actually use any of the certs it generated with the Bonobo Git Server binding:

https://enterprise.github.com/help/articles/using-self-signed-ssl-certificates

I have a feeling that I am completely misunderstanding self signed SSL certificates, and how they should be setup on my server and on the workstations accessing them. No matter what I do, I always end up with the following error when attempting to execute push from Git:

error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https:xxx.xxx.xxx.xxx:xxxx

I would really love to know exactly how I can create a self signed SSL certificate, install it on the windows 2012 server, set it to be used with the Bonobo Git Server binding, and successfully connect to the git repo from my Workstation.

解决方案

Figured it out eventually.

As well as the advice you followed, you also need to create as PFX that you can then import into IIS Manager (at the root level of your server). Instructions here.

To sum it up

1. Create your CA cert.
2. Create the service cert. Note: make sure the common name reflects the domain name of your BonoboGit site.
3. Generate the pfx. (from the link I supplied, don't worry about the -certfile parameter)
4. Copy this pfx to your server
5. Through IIS Manager, Server Certificates, Import the PFX, making sure to supply the password you gave when generating the cert.
6. For your site, change the binding for 443 to use the imported pfx (you should see it in the list)

Job done.

EDIT: oops almost forgot. you then need to tell GIT to use your certificate.

git config --local http.sslCAInfo /path/to/your/cert/rootCA.crt

If you haven't already got a repository set up, you'll need to do so first.

cd mygitrepo
git init
git config --local http.sslCAInfo /path/to/your/cert/rootCA.crt
git remote add origin https://git.yourserver.com
git pull master

Should do it.

这篇关于自签名SSL证书适用于Windows Server 2012，Bonobo Git Server的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！