I have a git server hosted on https (github enterprise virtual appliance), using a valid signed cert from startcom, which passes all the SSL checks for any browser I use on any OS (IE, Firefox, Safari, Chrome, on Ubuntu, Mac OSX, MS Win7) but when I connect to it using git, git complains about the cert, but it's platform dependent, and it doesn't seem to make any sense... Does git have its own set of SSL trusted root CA's compiled in at build time or something? It seems weird that it's apparently not using the trusted root CA's from the OS... I have not tried re-signing my cert using a different CA. I see github uses DigiCert. My clients do not complain about SSL cert when cloning from github. The test command is, simply: git clone https://user@xxxxxxxxxx/user/project.git (Obviously, using a real username, a real servername, and a real project name instead of the line above.) ** On OSX, it works no problem. This is OSX 10.7 Lion, upgraded from 10.6 SL, with 4.1 upgraded from XCode 3.2.6. Git version 1.7.4.4 ** On ubuntu, oneiric x86_64, git version 1.7.5.4, it says: error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://user@xxxxxxxxxx/user/project.git/info/refs fatal: HTTP request failed This is annoying, because ... It names the location where it's searching for the root certificates, so I thought maybe the startcom root CA wasn't in there, so I went and looked, and confirmed it's there. Compared the actual pem encoded root ca cert string to the one that signed my server's cert, and it's definitely there. On linux, users are able to workaround using GIT_SSL_NO_VERIFY=1, but that kind of defeats the purpose. I don't want them doing this. ** On Win 7 64bit, tortoisegit 1.6.5.0 based on git 1.7.3.1, it says: error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://user@xxxxxxxxxx/user/project.git/info/refs fatal: HTTP request failed Cloning into C:\workdir I don't see any way to workaround, but haven't looked very hard for a windows equivalent of GIT_SSL_NO_VERIFY ** On Win 7 64bit, cygwin git version 1.7.9, it says: error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://user@xxxxxxxxxx/user/project.git/info/refs fatal: HTTP request failed Also, it ignores the presence of GIT_SSL_NO_VERIFY. So there isn't any known workaround for cygwin. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html