DEV Community

Frederick Ollinger
Frederick Ollinger

Posted on

Using a Self-Signed Certificate with Git Clone Https

Ever have a problem when you need to clone from a git repo with https, and it fails because you have a self signed certificate?

Every other post tells you to "turn off security".

Don't do that.

First download the certificate with this script:

#!/bin/env bash

# User Variables
API_HOST=example.gitlab.com # could be an ip address
PORT=443
CRT=secret.crt

BEGIN="-----BEGIN CERTIFICATE-----"
END="-----END CERTIFICATE-----"

echo $BEGIN > $CRT
echo quit | openssl s_client -showcerts -servername "${API_HOST}" -connect "${API_HOST}":${PORT} | sed "/$BEGIN/,/$END/!d;//d" >> $CRT
echo $END >> $CRT
Enter fullscreen mode Exit fullscreen mode

Use the script to download your certificate:

cd
./download-certificate.sh
Enter fullscreen mode Exit fullscreen mode

Now tell git where your certificate is:

git config --global http.sslCAInfo ~/secret.crt
Enter fullscreen mode Exit fullscreen mode

Done.

Now you should be able to use git clone with your https server without issues.

Top comments (0)