Adding self-signed SSL certificate without disabling authority-signed ones

As of v2.5.0 of Git for Windows, the installed certificate file has moved to C:\Program Files (x86)\Git\mingw32\ssl\certs\ca-bundle.crt. You have to add your certs into this file.


If you are using Git 1.8.5+ (August 2013), you can specify http directives per URL(!).

In your case:

git config --global http."https://code.example.com/".sslVerify false
#
# or, if not on default 443 port:
#
git config --global http."https://code.example.com:<aPort>/".sslVerify false

That would disable SSL verification only for code.example.com, not for other URLs.

Or:

git config --global http."https://code.example.com/".sslCAInfo <downloaded certificate>.pem

Same idea: sslCAInfo would point to <downloaded certificate>.pem only for code.example.com URLs.

It is possible to add your certificate in the Git system certificate store, which, with git-for-windows, would be in C:\path\to\PortableGit-2.6.1-64-bit\usr\ssl\certs\ca-bundle.crt.
It isn't the best practice, though, unless you have to distribute a Git distro with internal certificates in it.

Tags:

Git

Ssl

Github