localhoster

Reputation: 123

Git clone using GitLab self-signed CA throws error: requested domain name does not match the server's certificate

As I already know from some people's suggestions, disabling http.sslVerify is a bad idea, and according to some posts, the best practice is to add the GitLab server CA locally, so I tried it in different ways:

  1. Add the CA file path to git config:

         git config --global http.sslCAInfo /home/yp/git-certs/rd.crt
         git clone https://10.xx.xx.xx/xxDepart/xxProject.git

  2. Directly git clone with the CA file path carried:

         GIT_SSL_CAINFO=/home/yp/git-certs/rd.crt git clone https://10.xx.xx.xx/xxDepart/xxProject.git

But both ways give me the same error: `Unable to communicate securely with peer: requested domain name does not match the server's certificate`. I think it may be a GitLab server issue or a CA problem instead of a local git configuration error. Has anyone met this kind of issue before and can share the solution? I am using a CentOS 7.6 server and the git version is 2.8.

Upvotes: 1

Views: 3661

Answers (1)

VonC

Reputation: 1324935

Try and display the SAN (Subject Alternative Name) of your certificate:

    openssl x509 -text -noout -in cert.pem \
        -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

If it does not include your IP address, the certificate won't be considered valid.

Upvotes: 2
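
The SAN check from the answer above, as an added example that is not part of the original question or answer: it builds two throwaway self-signed certificates and asks OpenSSL whether each one covers a DNS name and an IP-literal host. The name `gitlab.example.internal`, the address `10.0.0.5` and the helper functions are constructed placeholders, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example. The certificates, hostname and IP below are constructed
# placeholders; -addext needs OpenSSL 1.1.1 or newer.

# make_cert <out.pem> <subjectAltName value>: throwaway self-signed cert
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" \
        -subj "/CN=gitlab.example.internal" \
        -addext "subjectAltName=$2" 2>/dev/null
}

# cert_covers <cert.pem> <host-or-ip>: exit 0 if the certificate covers the
# host part of the URL. IP literals are checked with -checkip, which only
# looks at "IP Address" SAN entries; names are checked with -checkhost.
cert_covers() {
    case $2 in
        *:*)        flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*)  flag=-checkhost ;;  # contains letters: DNS name
        *)          flag=-checkip ;;    # dotted-quad IPv4
    esac
    openssl x509 -noout -in "$1" "$flag" "$2" | grep -q 'does match'
}

# report <cert.pem> <host-or-ip>: print one verdict line
report() {
    if cert_covers "$1" "$2"; then
        echo "$2: covered by $(basename "$1")"
    else
        echo "$2: NOT covered by $(basename "$1")"
    fi
}

WORK=$(mktemp -d)
make_cert "$WORK/dns_only.pem" "DNS:gitlab.example.internal"
make_cert "$WORK/dns_and_ip.pem" "DNS:gitlab.example.internal,IP:10.0.0.5"

report "$WORK/dns_only.pem"   gitlab.example.internal
report "$WORK/dns_only.pem"   10.0.0.5     # cloning by IP fails with this cert
report "$WORK/dns_and_ip.pem" 10.0.0.5
```

To test a real server certificate, pass its PEM file and the exact host string from the clone URL to `cert_covers`.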
