Can't access Bitbucket Server with Git - Issuer certificate is invalid

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

The following message is displayed when trying to push to a Bitbucket Server repository:

error: Issuer certificate is invalid. while accessing https://<USERNAME>@<BITBUCKET_HOST>:8443/ABC/test.git/info/refs
fatal: HTTP request failed

You just added a self signed certificate to Bitbucket Server and now your users are getting errors:

fatal: unable to access 'https://<username>@<bitbucket_server>:<port>/<context>/scm/<project>/<repository>/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Cause

The Bitbucket Server certificate is not trusted by the git client.

Workaround

A very good article on the subject can be found here on Stack Overflow. In summary when you use a self signed certificate Git doesn't trust the certificate that is being sent to it. You can fix this in two ways:

  1. On each client system run: git config --global http.sslVerify false
  2. The safer solution is to install the self signed server certificate on the git client machine.

I would suggest reviewing all of the answers and comments on that post as there are many competing opinions on the subject.

(warning) Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily

Resolution

To be able to use a self-signed certificate do the following:

Resolution 1

  • Copy the Bitbucket Server instance's certificate.pem file to the git client's host.
  • Convert the file into the X.509 format.
openssl x509 -in certificate.pem -out certificate.crt
  • Now allow git to use this certificate by changing the user's git configuration file: 

git config http.sslcainfo certificate.crt

(info) All commands must be executed in the <PATH> where the certificate was copied to.

Resolution 2

Use a certificate that is signed by a Certificate Authority. These certificates are automatically trusted.

Last modified on Jan 13, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.