All geek questions in one place

Egit with a self-signed certificate, https

I would like to use a git repository that accesses via https, the Https server has a self-signed certificate. I always get an error when trying to clone a repo using eclipse + egit:

https: // host / path : cannot open git -upload-pack sun.security.validator.ValidatorException: Failed to create PKIX path: sun.security.provider.certpath.SunCertPathBuilderException: cannot find a valid certification path for the requested target

Is there a way around this? I used the export GIT_SSL_NO_VERIFY=1 command to skip the ssl check with the console client. This trick does not work with eclipse.

Thanks,

Hubi

+6
source share
5 answers

You can also just install eGit to ignore server verification. In Eclipse, go to Window -> Preferences.

Go to Team -> Git -> Configuration

Click "New Entry"

Key: http.sslVerify Value: false

Click OK

Click OK

For a more detailed approach to this check of my blog post: http://www.pur-logic.com/2012/04/21/egit-self-signed-certificate/

+10
source

You need to import this certificate into the keystore (either the default keystore store in the JDK directory, or specify it with the -Djavax.net.ssl.trustStore parameter).

+5
source

Frequently Asked Questions CAcert contains the command line for keytool:

 keytool -keystore $/PATH/TO/CACERTS/KEYSTORE -storepass changeit -import -trustcacerts -v -alias cacertclass1 -file root.crt
  • In the end, you need to omit -trustcacerts to import the normal certificate.
  • -alias may also be unnecessary
+1
source

I also had problems with this, but with a different story. The host name for the Git repository does not match the cert host name. The solution was to change the certificate to match the host name.

0
source

We should use the http.sslCAInfo option for this use case.
However, the Eclipse JGit development status for this option has been stuck for a very long time.

Fyi

0
source

Source: https://habr.com/ru/post/901443/

More articles:


All Articles