SSL certificate problem while doing GIT pull from Azure Devops Repos

Question

We are using a proxy server that does SSL inspection of traffic and thus replaces the cert with the one that it issues in the process. That cert is issued by the cert authority on the proxy itself. This is fairly common with modern proxies.

But users are getting following error while doing Git pull:-
"git pull fatal: unable to access 'https://ausgov.visualstudio.com/Project/_git/Repo': SSL Certificate problem: self-signed certificate in certificate chain"

Do I need to import the proxy CA issuing cert in Devops portal somewhere to resolve this or does the SSL inspection needs to be removed?

Has anybody got it to work with proxy inspection still turned on?

kidd_ip · Answer

Please consider this:
&nbsp;
1. Configure Git to Trust Your Proxy’s CA

Export your proxy’s root CA certificate (usually a .crt or .pem file).
Add it to Git’s trusted certificate store:

git config --global http.sslCAInfo /path/to/your/proxy-ca.crt
&nbsp;
2.&nbsp;Switch Git to Use Windows Certificate Store (if on Windows)

Run:

git config --global http.sslBackend schannel
&nbsp;
3. Use Secure Channel in Visual Studio

In Visual Studio:Tools &gt; Options &gt; Source Control &gt; Git Global SettingsSet Cryptographic Provider to Secure Channel.

&nbsp;
4. Avoid Disabling SSL Verification

You can run:

git config --global http.sslVerify false
&nbsp;

Forum Discussion

SSL certificate problem while doing GIT pull from Azure Devops Repos

1 Reply

Resources