Summary

While performing any GIT operations, the user receives the below error message:

SSL certificate problem: self-signed certificate in certificate chain

Cause

The error message "self-signed certificate in certificate chain" usually indicates that the SSL certificate provided by the Git server you are trying to connect to is not trusted by your Git client. This can occur if the certificate is self-signed, or if it is signed by an untrusted certificate authority.

Solution

• Configure Git to trust the self-signed certificate globally: You can configure Git to trust the self-signed certificate globally by adding an 'http.sslCAInfo' setting to your Git configuration file. Here's an example of how to configure Git to trust a self-signed certificate:

  $ git config --global http.sslCAInfo /path/to/ca.pem

• Windows System: If you are using the Windows system, you may use the configuration below which sets the Secure Channel (schannel) library as the SSL backend for Git's HTTP communication. This setting is recommended on Windows systems, as the schannel library is a part of the Windows operating system and is well-integrated with its security features. Once you have configured this, Git will use the Windows certificate store and should not require the http.sslCAInfo configuration setting.  The git config --global http.sslBackend channel setting does not bypass SSL validation. It only sets the SSL backend used by Git for its HTTP communication. The schannel library, like other SSL backends, is designed to perform SSL validation by default, which includes verifying the authenticity of the SSL certificate presented by the remote server. The schannel library is considered to be a secure SSL backend, and it supports strong encryption algorithms and certificate validation.

  $ git config --global http.sslBackend schannel