I have a Bitbucket server running onprem with a certificate.
I added it to the keystore ussing the follwing commands
openssl pkcs12 -export -in myurl.com.cer -inkey myurl.com.key -out myurl.com.p12
keytool -importkeystore -srckeystore myurl.com.p12 -srcstoretype PKCS12 -destkeystore bitbucket.jks -deststoretype JKS
It looks like this if i view the server in Chrome (which looks good):
When i try clone a Repository from the Server i get the Following Error
root@BS01:~# git clone https://source.server.com/scm/p/project.git
Cloning into 'project'...
fatal: unable to access 'https://source.server.com/scm/p/project.git':
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
On windows the error looks a bit different:
fatal: unable to access 'https://source.server.com/scm/p/project.git/': SSL certificate problem: unable to get local issuer certificate
When i Google for this error a lot of soltions suggest that i have to use a CA Certificate istead of a selfsigned one (Maybe I got the concept wrong but i thought the Certificate is a CA Certificate) or disable sslVerificaction entirely (which is not acceptable)
What problem does git have with the certificate and how to fix that?
Best Answer
Acually the certificate is only fine on my Computer, Mobile Devices did not trust it aswell - if I concatenate the whole trust chain into one .pem file looking like this:
And add this one to the jks it works as expected.