Unable to clone Git repository due to self signed certificate
Symptoms
Git server is using self signed certificate and Fisheye/Crucible is unable to clone a Git repository.
The following appears in the atlassian-fisheye-<date>.log:
2013-07-02 18:15:48,400 WARN [InitialPinger2 ] fisheye IndexingPingRequest-doRequest - Exception during FishEye Incremental Indexing of Gitrepo: com.cenqua.fisheye.config.ConfigException: Unable to clone remote repository: https://fisheyeuser@git.server:8443/scm/test/gitrepo.git
- [fatal: unable to access 'https://fisheyeuser:XXXX@git.server:8443/scm/test/gitrepo.git/': SSL certificate problem: self signed certificate in certificate chain]
- Cloning into bare repository 'clone'...Cause
Git client in Fisheye/Crucible server performs verification on the SSL certificate and stops the process if it is unknown.
Workaround
#1 Disable SSL verification while running the git clone
git -c http.sslVerify=false clone <repository-name>
This is safer once it only disables SSL for this particular command execution.
#2 Disable Git SSL verification in the server hosting Fisheye/Crucible with the following commands:
git config --global http.sslVerify false
Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporary.
Resolution
- Import the Git server self signed certificate into Fisheye/Crucible server according to Unable to connect to SSL services due to "PKIX Path Building Failed" error
Configure the Git client in Fisheye/Crucible server to refer to the cacerts that have the imported certificate:
git config --system http.sslCAPath /path/to/cacerts- Restart Fisheye/Crucible server