GIT之clone 自建ssl gitlab的时候提示Peer’s Certificate issuer is not recognized.的解决方法

评论
16,179 次

[root@iZ620cgsubhZ /tmp]# git clone https://git.dwhd.org/lookback/docker-gitlab.git
正克隆到 'docker-gitlab'...
fatal: unable to access 'https://git.dwhd.org/lookback/docker-gitlab.git/': Peer's Certificate issuer is not recognized.

[root@iZ620cgsubhZ /tmp]# cd /etc/ssl/certs/
[root@iZ620cgsubhZ /etc/ssl/certs]# make SERIAL=5
This makefile allows you to create:
  o public/private key pairs
  o SSL certificate signing requests (CSRs)
  o self-signed SSL test certificates

To create a key pair, run "make SOMETHING.key".
To create a CSR, run "make SOMETHING.csr".
To create a test certificate, run "make SOMETHING.crt".
To create a key and a test certificate in one file, run "make SOMETHING.pem".

To create a key for use with Apache, run "make genkey".
To create a CSR for use with Apache, run "make certreq".
To create a test certificate for use with Apache, run "make testcert".

To create a test certificate with serial number other than zero, add SERIAL=num
You can also specify key length with KEYLEN=n and expiration in days with DAYS=n

Examples:
  make server.key
  make server.csr
  make server.crt
  make stunnel.pem
  make genkey
  make certreq
  make testcert
  make server.crt SERIAL=1
  make stunnel.pem SERIAL=2
  make testcert SERIAL=3
[root@iZ620cgsubhZ /etc/ssl/certs]# cd -
[root@iZ620cgsubhZ /tmp]# echo 'export GIT_SSL_NO_VERIFY=true' >> ~/.bashrc
[root@iZ620cgsubhZ /tmp]# . ~/.bashrc
[root@iZ620cgsubhZ /tmp]# env|grep GIT_SSL_NO_VERIFY
GIT_SSL_NO_VERIFY=true
[root@iZ620cgsubhZ /tmp]#

或者这样对git项目或者全局做配置文件

git config http.sslVerify "false"
git config --global http.sslVerify false

[root@iZ620cgsubhZ /tmp]# git clone https://git.dwhd.org/lookback/docker-gitlab.git
正克隆到 'docker-gitlab'...
remote: Counting objects: 53, done.
remote: Compressing objects: 100% (48/48), done.
remote: Total 53 (delta 7), reused 0 (delta 0)
展开对象中: 100% (53/53), 完成.
检查连接... 完成。
[root@iZ620cgsubhZ /tmp]#

参考连接：

http://stackoverflow.com/questions/19461833/what-does-this-error-message-imply-fatal-unable-to-access-httpsurl-peers

http://stackoverflow.com/questions/9008309/how-do-i-set-git-ssl-no-verify-for-specific-repos-only
++++++++++++++++++++++++
如果上面的办法还是不行，可以试试下面的

[root@DS-VM-Node200 ~]# openssl s_client -showcerts -connect git.dwhd.org:443 </dev/null 2>/dev/null | openssl x509 -outform PEM >git.dwhd.org.crt
[root@DS-VM-Node200 ~]# git config http."https://git.dwhd.org/".sslCAInfo < git.dwhd.org.crt

参考连接：

http://stackoverflow.com/questions/22893203/how-to-specify-cafile-path-inline-with-the-git-command