Hi Robert,

On Fri, 15 Jan 2016, Robert Labrie wrote:

> Increasingly, network admins (including mine) think it's appropriate
> to intercept TLS handshakes on the firewall, and present the calling
> application with a self-signed cert for the requested domain (i.e.
> github.com). On Linux, this can be sorted out by putting the internal
> issuing CA's root cert in /etc/certs (or somesuch) and on Windows, by
> importing it into the "Trusted Publishers" certificate store. The
> challenge comes from apps using OpenSSL on Windows, which doesn't have
> /etc and doesn't support the Windows certificate store.

OpenSSL on Windows has no `/etc`, but Git does offer a way to provide your own certificates, via the http.sslCAInfo setting.

Furthermore, you can rebuild cURL with support for WinHTTP (which accesses the Windows Certificate Store). Since this is a compile-time switch, we do not support that with Git for Windows (until the day when cURL can be built with WinHTTP *and* OpenSSL support and configured via a switch to use one or the other).

> Presently, I'm using this procedure:
> http://stackoverflow.com/questions/9072376/configure-git-to-accept-a-particular-self-signed-server-certificate-for-a-partic

It may be a good idea to summarize it here (I would consider that good form).

Ciao,
Johannes
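The http.sslCAInfo route mentioned in the reply, sketched as an added example that is not part of the original thread and is not the linked Stack Overflow procedure: it appends an internal root CA to a private copy of the CA bundle and points Git at it for a single host. The function names and every path are assumptions.

```bash
#!/bin/sh
# Added example. All paths and file names are placeholders (assumptions).

# Number of PEM certificates in a file (prints 0 for none).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Copy the stock CA bundle to $3 (first run only) and append the internal
# root CA from $2. Rejects anything but a single certificate, so a chain
# file or a key file is never trusted by accident. Safe to re-run.
build_ca_bundle() {
    base=$1 root=$2 out=$3
    if [ ! -r "$base" ] || [ ! -r "$root" ]; then
        echo "cannot read $base or $root" >&2; return 1
    fi
    if [ "$(count_certs "$root")" -ne 1 ]; then
        echo "$root must hold exactly one PEM certificate" >&2; return 1
    fi
    if grep -q -- 'PRIVATE KEY-----' "$root"; then
        echo "$root contains a private key, refusing" >&2; return 1
    fi
    # First base64 line of the certificate, used to detect an earlier append.
    first=$(awk '/-----BEGIN CERTIFICATE-----/ { getline; print; exit }' "$root")
    case $first in
        ''|-----*) echo "$root has an empty certificate body" >&2; return 1 ;;
    esac
    [ -e "$out" ] || cp "$base" "$out"
    if ! grep -qF -- "$first" "$out"; then
        printf '\n' >> "$out"
        cat "$root" >> "$out"
    fi
}

# Use the bundle for one host only, leaving other remotes on the stock
# trust store, and report a verification override if one is set.
configure_git() {
    url=$1 bundle=$2
    git config --global "http.$url.sslCAInfo" "$bundle" || return 1
    if [ "$(git config --get http.sslVerify || true)" = "false" ]; then
        echo "warning: http.sslVerify=false is set; certificates are not checked" >&2
    fi
}

# Usage (placeholders):
#   build_ca_bundle /path/to/stock-ca-bundle.crt /path/to/internal-root.pem "$HOME/git-ca-bundle.pem"
#   configure_git https://github.com/ "$HOME/git-ca-bundle.pem"
```

Scoping the setting as `http.<url>.sslCAInfo` keeps the interception CA out of the trust decision for every other remote.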