Git Clone SSL Certificate Error

Published on: 25 Jul 2023

At my work we've been setting up an Azure DevOps Server for a development and test network. In doing this I've learned a few different lessons. One lesson being the need to establish trust between an Azure DevOps Server and a development workstations Git client. Below I've summarized the steps required to create trust between Git on the Azure DevOps Server and a Git client residing on a development workstation.

The root certificate of the Azure DevOps Server needs to be placed on the development workstation.

That certificate should be placed in the following path:

C:\Program Files\Git\mingw64\etc\ssl\certs

This path is where the Git config file looks for certificates.

Now the configuration file gitconfig at the following path:

C:\Program Files\Git\etc\gitconfig

needs to be updated to look for the certificate file that we placed in the certs folder previously.

In the gitconfig file the below snippet should exist:

[http]
    sslBackend = openssl
    sslCAInfo = C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt

The certificate file ca-bundle.crt at the end of the line containing sslCAInfo should be replaced with the file name of the certificate that you placed in the certs folder.

Once the gitconfig file has been updated to look at the new certificate. Cloning from Git on the Azure DevOps Server to a development workstations Git client should work.