Fix Git SSL Certificate Problem: Self-Signed Certificate

Programming & Dev Tools Intermediate 👁 0 views 📅 May 25, 2026

Resolve Git SSL certificate errors caused by self-signed certificates in corporate environments or local setups. This guide provides secure and temporary fixes.

Symptoms

When using Git to clone, push, or pull from a remote repository (especially in corporate environments with a self-signed certificate), you encounter an error similar to:

fatal: unable to access 'https://git.company.com/repo.git/': SSL certificate problem: self signed certificate in certificate chain

This error prevents Git from establishing a secure HTTPS connection. The same error may appear when using other Git operations like fetch or push.

Root Causes

  • Self-Signed Certificate: The remote server uses a certificate that is not signed by a recognized Certificate Authority (CA). This is common in internal corporate Git servers.
  • Missing Root CA Certificate: The root certificate of the internal CA is not added to the system's trust store or Git's certificate bundle.
  • Corporate Proxy: A proxy or SSL inspection appliance replaces the server certificate with its own self-signed certificate.
  • Outdated Certificate Bundle: Git's built-in CA bundle may not include the internal CA.

Step-by-Step Fix

Option 1: Temporarily Disable SSL Verification (Not Recommended for Production)

This is the quickest workaround but reduces security. Use only for testing or if you fully trust the network.

  1. Open a terminal or command prompt.
  2. Run the following command to disable SSL verification globally:
    git config --global http.sslverify false
  3. Alternatively, for a single repository, run inside the repo:
    git config http.sslverify false
  4. Try the Git operation again.

Warning: This exposes you to man-in-the-middle attacks. Re-enable SSL verification after testing with git config --global http.sslverify true.

Option 2: Add Self-Signed Certificate to Git's Trust Store (Recommended)

  1. Obtain the self-signed certificate: Use your browser to export the server certificate (usually as .crt or .pem) or ask your IT administrator.
  2. Convert to PEM format if needed: If the file is in .der format, convert using OpenSSL:
    openssl x509 -inform der -in certificate.der -out certificate.pem
  3. Add certificate to Git's global configuration:
    git config --global http.sslCAInfo /path/to/certificate.pem
  4. Alternatively, append to Git's CA bundle: Locate Git's CA bundle (e.g., C:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crt on Windows or /etc/ssl/certs/ca-certificates.crt on Linux) and append the certificate content to it.
  5. Verify the fix by running git clone https://your-repo-url.

Option 3: Add Certificate to System Trust Store

  1. On Linux (Ubuntu/Debian):
    sudo cp certificate.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates
  2. On macOS: Open Keychain Access, drag the certificate into the System keychain, and mark it as trusted.
  3. On Windows: Double-click the .crt file and install it into the Trusted Root Certification Authorities store.
  4. Restart any open terminals and test Git operations.

Alternative Fixes

  • Use SSH Instead of HTTPS: Configure Git to use SSH keys. This bypasses SSL entirely. Generate an SSH key pair and add the public key to your Git server.
  • Use http.proxy with SSL: If behind a corporate proxy, configure Git to use the proxy with SSL support:
    git config --global http.proxy http://proxy.company.com:8080
git config --global https.proxy http://proxy.company.com:8080
  • Set environment variable GIT_SSL_NO_VERIFY: Temporarily set GIT_SSL_NO_VERIFY=1 in your shell session. This is similar to disabling SSL verification but scoped to the session.

Prevention

  • Use Proper CA-Signed Certificates: For production Git servers, use certificates from a public CA (e.g., Let's Encrypt, DigiCert) to avoid SSL issues entirely.
  • Automate Certificate Distribution: In corporate environments, use Group Policy or configuration management tools (Ansible, Puppet) to deploy internal CA certificates to all developer machines.
  • Maintain Certificate Bundles: Regularly update Git's CA bundle or system trust store when internal certificates change.
  • Document the Setup: Provide developers with clear instructions on how to configure Git for internal repositories, including certificate installation steps.

By following these steps, you can resolve the Git SSL certificate problem for self-signed certificates while maintaining a secure development environment.

Was this solution helpful?

Git SSL certificate self-signed certificate certificate problem git config http.sslverify git SSL error corporate proxy certificate store git clone git push sslCAInfo git security certificate authority SSL verification