Windows – Unable to resolve “unable to get local issuer certificate” using git on Windows with self-signed certificate

curlgitmsysgitssl-certificatewindows

I am using Git on Windows. I installed the msysGit package. My test repository has a self signed certificate at the server. I can access and use the repository using HTTP without problems. Moving to HTTPS gives the error:

SSL Certificate problem: unable to get local issuer certificate.

I have the self signed certificate installed in the Trusted Root Certification Authorities of my Windows 7 – client machine. I can browse to the HTTPS repository URL in Internet Explorer with no error messages.

This blog post by Philip Kelley explained that cURL does not use the client machine's certificate store. I followed the blog post's advice to create a private copy of curl-ca-bundle.crt and configure Git to use it. I am sure Git is using my copy. If I rename the copy; Git complains the file is missing.

I pasted in my certificate, as mentioned in the blog post, I still get the message "unable to get local issuer certificate".

I verified that Git was still working by cloning a GitHub Repository via HTTPS.

The only thing I see that's different to the blog post is that my certificate is the root – there is no chain to reach it. My certificate originally came from clicking the IIS8 IIS Manager link 'Create Self Signed Certificate'. Maybe that makes a certificate different in some way to what cURL expects.

How can I get Git/cURL to accept the self signed certificate?

Best Solution

Open Git Bash and run the command if you want to completely disable SSL verification.

git config --global http.sslVerify false

Note: This solution opens you to attacks like man-in-the-middle attacks. Therefore turn on verification again as soon as possible:

git config --global http.sslVerify true