Jenkins Git integration - How to disable SSL certificate validation

Create Freestyle project and Add "Windows Batch Command" and add the

git config http.sslVerify false or git config --config http.sslVerify false

Once this is done, save it and build the job

Now your jenkin is configured to as not to do ssl verification. After the successful build now you can remove the batch command build step and edit the same project for your configuration.


Best option is to add the self-signed certificate to your certificate store

Obtain the server certificate tree This can be done using chrome.

  1. Navigate to be server address. Click on the padlock icon and view the certificates. Export all of the certificate chain as base64 encoded files (PEM) format.

  2. Add the certificates to the trust chain of your GIT trust config file In Git bash on the the machine running the job run the following:

"git config --list".

find the http.sslcainfo configuration this shows where the certificate trust file is located. 3. Copy all the certificates into the trust chain file including the "- -BEGIN- -" and the "- -END- -". Make sure you add the ROOT certificate Chain to the certificates file

This should solve your issue with the self-signed certificates and using GIT.

NOT RECOMMENDED

The other way is to remote into your slave and run the following:

git config --global http.sslVerify false

This will save into the global config that this instance never does SSL verification, this is NOT recommended, it should be used only when testing and then disabled again. It should be done properly as above.


to supplement, I've stuck on this for few hours, here's what i've found for SSL related

add

-Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true 

as parameter as java jnlp command,

and to set GIT_SSL_NO_VERIFY=true as environment variable, so the start slave command at slave side now looks like (not sure if some parameteres are duplicate)

export GIT_SSL_NO_VERIFY=true

java -Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true -jar slave.jar -jnlpUrl ${jenkins_url}/computer/${slave_name}/slave-agent.jnlp -secret ${secret} -noCertificateCheck

you may need the same

-noCertificateCheck

while trying to call jenkins-cli.jar

(up to https://blog.csdn.net/froghui/article/details/39641221)

since everytime the jenkins slave initiazted a git operation, it's a clean env, that handled by jenkins git plugin