SSL certificate problem: Unable to get local issuer certificate
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
The following is seen on the command line when pushing or pulling:
SSL Certificate problem: unable to get local issuer
This error occurs when a self-signed certificate cannot be verified.
Tell git to not perform the validation of the certificate using the global option:
git config --global http.sslBackend schannel
git config --global http.sslVerify false
Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily
Resolution - Client Side
Please notice that we refer to the Certificate Authority in this article by the acronym CA.
There are several ways this issue has been resolved previously. Below we suggest possible solutions that should be run on the client side:
- Ensure the root cert is added to git.exe's certificate store
Tell Git where to find the CA bundle, either by running:
git config --system http.sslCAPath /absolute/path/to/git/certificates
/absolute/path/to/git/certificatesis the path to where you placed the file that contains the CA certificate(s).
or by copying the CA bundle to the
/bindirectory and adding the following to the
sslCAinfo = /bin/curl-ca-bundle.crt
- Reinstall Git.
Ensure that the complete certificate chain is present in the CA bundle file, including the root cert.
Resolution - Server Side
This issue can also happen on configurations where Bitbucket Server is secured with an SSL-terminating connector rather than a proxy
- Ensure that the Java KeyStore has the entire certificate chain (Intermediate CA and Root CA)
- View the Certificate Chain Details inside the KeyStore using a tool like the KeyStore Explorer to check