Azure Devops Pipeline Run makes Git Error?

Question

ACTION: I have a git project on my work azure devops that I pull normally using ssh authentication. I tryed to run a pipeline on my work azure devops and work self-hosted windows computer from azure GUI to test CI features. It's a hello word project, just testing if everything is set-up correctly.

EXPECTED:

Seeing "Hello word" results from Azure Pipelines jobs terminal.

RESULT:

Pipeline use an automated script and run some git commands witch try to init and fetch a https project with wrong credentials and fails. Here's the log with some redacted info.

2020-09-21T20:35:25.0633203Z ##[command]git init "C:\agentW\_work\1\s"
2020-09-21T20:35:25.1242756Z Initialized empty Git repository in C:/agentW/_work/1/s/.git/
2020-09-21T20:35:25.1279844Z ##[command]git remote add origin https://********(REDACTED)
2020-09-21T20:35:25.1703998Z ##[command]git config gc.auto 0
2020-09-21T20:35:25.2109482Z ##[command]git config --get-all http.https://********(REDACTED).extraheader
2020-09-21T20:35:25.2498108Z ##[command]git config --get-all http.proxy
2020-09-21T20:35:25.2898438Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --force --tags --prune --progress --no-recurse-submodules origin
2020-09-21T20:35:25.5928108Z fatal: unable to access 'https:********(REDACTED)': SSL certificate problem: unable to get local issuer certificate

INFO:

1. I tried going to C:\agentW_work\1\s and using git remote set-url origin ssh... as specified here : https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops and make a pull manually. it succeeded.

2. I tried changing C:\agentW.credentials authorizationUrl and oauthEndpointUrl values to values given to me by our DevOps.

3. I tried running another pipeline projects(from other personal azure repo, but same self-hosted computer) with a HTTP settings in configuration #2, it works. See below.

4. I have acess to my C:\Users*****(REDACTED).ssh, if i need to paste my public ssh key somewhere.

Question:

1. How do I change setting on the automated script to pull my ssh repo instead?
2. How do I change my Https Git setting so that pulling the https project works too?

Configuration#1: Work Computer + Work Azure DevOps.

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  branches: 
    include:
      - feature/azure-pipelines
pool:
  name: Default
  demands:
    - agent.name -equals WORK

steps:
- script: echo Hello, world!
  displayName: 'Run a one-line script'

- script: |
    echo Add other tasks to build, test, and deploy your project.
    echo See https://aka.ms/yaml
  displayName: 'Run a multi-line script'

Configuration#2: Work Computer + Personal Azure DevOps.

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  branches: 
    include:
      - master
pool:
  name: Default
  demands:
    - agent.name -equals WORK

steps:
  - task: RunMATLABCommand@0
    inputs:
      command: runBatchT
  - task: RunMATLABTests@0
    inputs:
      testResultsJUnit: test-results/results.xml
      codeCoverageCobertura: code-coverage/coverage.xml
      sourceFolder: src;test
  - task: PublishTestResults@2
    condition: succeededOrFailed()
    inputs:
      testResultsFiles: test-results/results.xml
  - task: PublishCodeCoverageResults@1
    inputs:
      codeCoverageTool: Cobertura
      summaryFileLocation: code-coverage/coverage.xml

Answer 1

It's a temporary fix, But I found that deleting my self hosted agent and creating a new one with sslcert skip worked.

.\config.cmd --sslskipcertvalidation 

It's going to influence the git script and modify this line to use the ssl skip paramter:

2020-09-22T12:34:55.3658192Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" -c http.sslVerify=false fetch --force --tags --prune --

Source:

1. https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/certificate?view=azure-devops-2020

2. https://confluence.atlassian.com/bitbucketserverkb/ssl-certificate-problem-unable-to-get-local-issuer-certificate-816521128.html