SSL certificate problem: Unable to get local issuer certificate

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

The following is seen on the command line when pushing or pulling:

SSL Certificate problem: unable to get local issuer

Cause

This error occurs when a self-signed certificate cannot be verified. 

Workaround

Tell git to not perform the validation of the certificate using the global option:

git config --global http.sslBackend schannel

Or,

git config --global http.sslVerify false

(warning) Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily


Resolution - Client Side

Please notice that we refer to the Certificate Authority in this article by the acronym CA. 

There are several ways this issue has been resolved previously. Below we suggest possible solutions that should be run on the client side:

  1.  Ensure the root cert is added to git.exe's certificate store
  2. Tell Git where to find the CA bundle, either by running:

    git config --system http.sslCAPath /absolute/path/to/git/certificates

    where /absolute/path/to/git/certificates  is the path to where you placed the file that contains the CA certificate(s).

    or by copying the CA bundle to the /bin  directory and adding the following to the gitconfig file:

    sslCAinfo = /bin/curl-ca-bundle.crt
  3. Reinstall Git.
  4. Ensure that the complete certificate chain is present in the CA bundle file, including the root cert.


Resolution - Server Side

This issue can also happen on configurations where Bitbucket Server is secured with an SSL-terminating connector rather than a proxy

  1. Ensure that the Java KeyStore has the entire certificate chain (Intermediate CA and Root CA) 
    • View the Certificate Chain Details inside the KeyStore using a tool like the KeyStore Explorer to check


Description

The following is seen on the command line when pushing or pulling: SSL Certificate problem: unable to get local issuer. This error occurs when a self-signed certificate cannot be verified. 

ProductBitbucket
PlatformServer
Last modified on Oct 6, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.