Getting Git to work with a Self Signed or Corporate Issued Certificate

If you’re getting this error when using Git on the command line or in Visual Studio:

fatal: unable to access ‘https://myserver/tfs/DefaultCollection/_git/Proj/’: SSL certificate problem: unable to get local issuer certificate

This post is just for you!

The issue is that Git does not trust the certificate from “myserver”. To get git to trust it, you must set it up on Git’s certificate store.

Step 1: Getting the root certificate

  1. Open Chrome and type https://myserver (where I work it’s https://tfs )
  2. Hit F12
  3. Go to the Security Tab
  4. Click “View certificate”
  5. Go to the “Certification Path” tab
  6. Select the root certificate (at my work it’s CTAC-DR0-RCA….)
  7. Click “View Certificate”
  8. Go to the “Details” tab
  9. Click “Copy to File”
  10. On the step that asks “Select the format you want to use:”
  11. Select “Base-64 encoded X.509 (.CER)”
  12. Save the certificate on your computer, you will need it in a further step. I called it ctac-root.cer

Step 2. Add the root cert to git’s certificate store

  1. This will make the error go away from the command line. If you only want to fix it for Visual Studio, go to Step 3.
  2. Go to C:\Program Files\Git\mingw64\ssl\certs\
  3. Copy ca-bundle.crt to ca-bundle.crt.orig as a backup
  4. Open ctac-root.cer (created in step 1)
  5. Open ca-bundle.crt in a text editor
    • Since you will edit it, open it in a program as an administrator.
    • If you are not an admin of the box, follow this post to make a user specific certificate store.
  6. Append the contents of ctac-root.cer (created in Step 1) to the end of ca-bundle.crt

Step 3. Add the root cert to Visual Studio’s Git certificate store

  1. Follow the instructions in Step 2 with the ca-bundle.crt found on C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\ssl\certs

You’re all set!