Why can't git read my certificate file in Yosemite?
I recently did a clean install of Yosemite on my MacBook Pro. Before that, I took a backup of all my files so that I can start working again. However, I have a problem getting git to work correctly with my certificates and I don't know why.
I installed git using HomeBrew. Then I copied my original .gitconfig file from my backup and placed it in my home directory. This is when the problems started. My file contains the following certification lines:
[http]
sslCAInfo = cacert.cert
sslCert = russellseymour.pem
sslKey = russellseymour.key
sslVerify = false
Now things like "brew update" exit with the following error:
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL: Can't load the certificate "russellseymour.pem" and its private key: OSStatus -25299
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master
And now git is unusable. I need to set up certificates so that I can access my private repo.
Does anyone know if there is a simple solution for this? Is this a change in Yosemite?
Thanks in advance,
Russell
Good day,
After some discussion, I finally figured out what the problem is.
I hadn't realised that Keychain is now used by Git. So when I ran git using the git config shown above, it would import my certificate into the keychain.
However, it did not import the CA certificate that I assigned. I also discovered (after a lot of searching) that the error code OSStatus -25299 means there is a duplicate certificate!
So, to fix everything so that git still works with homebrew and my own repository (and other git repositories), I had to do the following:
- remove all ssl* config from the .gitconfig file
- import my certificate and CA into keychain. They needed to be trusted for the keychain to use them.
- Since I didn't need to turn off verification for everything, I used the following command to clone my repo the first time:
git -c http.sslVerify=false clone https://my.repo/example
and then I set the local config on that repository to make sure the certificate is not verified, e.g.:
cd example
git config http.sslVerify false
I'm happy to say that now everything is working as it should.
Russell
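
An added example, not part of the original answer: a small Python audit of a .gitconfig for the settings the answer removed. It lists each ssl* key found under [http] and reports whether sslVerify = false applies to every HTTPS remote or only to a URL-scoped [http "<url>"] section; the function names and the sample file contents are constructed for illustration.

```python
import re

# Matches [http] and [http "https://host/"] section headers in git config syntax.
SECTION = re.compile(r'^\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]$')
FALSY = {"false", "no", "off", "0"}  # spellings git accepts for a false boolean

def http_ssl_settings(text):
    """Return (url_scope, key, value) for every ssl* key under an http section."""
    found, section, scope = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = SECTION.match(line)
        if header:
            section, scope = header.group(1).lower(), header.group(2)
        elif section == "http" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower().startswith("ssl"):
                found.append((scope, key.lower(), value))
    return found

def audit_global(text):
    """Flag the settings the answer removed from ~/.gitconfig."""
    findings = []
    for scope, key, value in http_ssl_settings(text):
        target = scope or "every HTTPS remote"
        if key == "sslverify" and value.lower() in FALSY:
            findings.append(f"certificate verification is off for {target}")
        elif key != "sslverify":
            findings.append(f"{key} = {value} applies to {target}")
    return findings

# Constructed input: the [http] block from the question.
QUESTION_GITCONFIG = """\
[http]
sslCAInfo = cacert.cert
sslCert = russellseymour.pem
sslKey = russellseymour.key
sslVerify = false
"""

# Constructed input: a global file after the answer's first step.
CLEANED_GITCONFIG = """\
[user]
name = Example User
"""

if __name__ == "__main__":
    for finding in audit_global(QUESTION_GITCONFIG):
        print("WARN", finding)
```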