Git and https / SSL
Thu, May 3, 2012 The communication between git clients and the git server can be encrypted using the https protocol.To use this feature, it is recommended to own a valid certificate issued from a certificate authority (verysign, thawte, etc.). A self signed certificate is provided by default, but we strongly advise you to use your own certificate. GitStack supports the most secure protocols : SSL v3 and TLS v1.
We will suppose during this tutorial that we would like to setup https for a company called “contoso” which owns the “contoso.com” certificate.
1. Install your certificate on gitstack
Open a windows explorer to C:\GitStack\data\certificates
Back up the provided self signed certificates.
Copy your own certificate file and rename it to server.crt
Copy your own private key file and rename it to server.key
2. Configure gitstack to accept https connections
Launch GitStack in your web browser, open the Settings/Security tab.
Click on “Accept http and https” and click on save.
Note : If you click on “Accept https only”, do not forget to reload your administration panel with the https protocol instead of the http protocol.
3. Test the connection
Type in your command line :
git clone https://contoso.com/repo1.git
It might fail for the following reasons :
-If you are using the certificate provided by default, you will need to disable the certificate verification from your git client by typing :
git config – –global http.sslVerify false
-If you are using your own certificate, make sure that you are using your domain in the address. git clone https://contoso.com/repo1.git
instead of
git clone https://192.168.0.1/repo1.git
Disable the certificate verification if you cannot use your domain name.
If you get the following error:
> git config –global http.sslVerify false
error: key does not contain a section: -global
Then manually add the following to the “C:\Users\USERNAME\.gitconfig” file:
[http]
sslVerify = false
A “-” was missing to
> git config –global http.sslVerify false
you should type
git config ––global http.sslVerify false
(with two “-” before global)
If you use TortoiseGit as client and use self-signed certificates (provided by default by GitStack), you can disable certificate validation in TortiseGit: right click on your working copy, select TortoiseGit/Settings, than select ‘Git’ in vertical menu, press ‘Edit global .gitconfig’ (if you want to disable certificate validation for all git repositories you access) or ‘Edit local .git/config’ (if you want to disable certificate validation only for selected repository) and add following lines:
[http]
sslVerify = false
Now TortoiseGit will ignore wrong certificate… Sure it’s still highly recommended to issue your own valid certificates, so you don’t need to bypass certificates check!
can any one tell me how to validate git tool.i am from manual testing and now i am using git in automation testing with linux OS.before that we used MercurialSCM tool.
Please guide me for the same.
Please, please don’t do “git config –global http.sslVerify false”. This will disable server certificate validation for _all_ repositories, making you vulnerable for a man-in-the-middle attack.
If you must, do it just for one repository (no –global). A better way is to get the server’s certificate and configure your repo using “git config http.sslCAinfo /path/to/your/certfile.crt”.
(If you can read German: I wrote a blog article on that issue http://stefan.ploing.de/2012-12-03-git-und-https-diesmal-serverzertifikat-done-right )