我被困在防火墙后面,所以我必须使用 HTTPS 来访问我的 GitHub 存储库。我在 Cygwin 1.7.7 .org/wiki/Windows_XP" rel="noreferrer">Windows XP。
我尝试将遥控器设置为 https://[电子邮件受保护]< /a>/username/ExcelANT.git,但推送提示输入密码,但输入密码后它不会执行任何操作。
https://username:github.com/username/ExcelANT.git 并从头开始克隆空存储库,但每次它都会给我同样的错误:
错误:SSL 证书有问题,请验证 CA 证书是否正常。细节:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:访问 https://github.com 时证书验证失败/用户名/ExcelANT.git/info/refs
打开 GIT_CURL_VERBOSE=1 给我
* 即将 connect() 到 github.com 端口 443 (#0)
* 尝试 207.97.227.239... * 成功设置证书验证位置:
* CA文件:无
CApath:/usr/ssl/certs
* SSL证书问题,请验证CA证书是否正常。细节:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
* 过期清除
* 关闭连接 #0
* 即将 connect() 到 github.com 端口 443 (#0)
* 尝试 207.97.227.239... * 成功设置证书验证位置:
* CA文件:无
CApath:/usr/ssl/certs
* SSL证书问题,请验证CA证书是否正常。细节:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
* 过期清除
* 关闭连接 #0
错误:SSL 证书有问题,请验证 CA 证书是否正常。细节:
错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:访问 https://github.com 时证书验证失败/用户名/ExcelANT.git/info/refs
fatal: HTTP request failed
这是我的防火墙、Cygwin 还是什么的问题?
我没有在 Git 配置中设置 HTTP 代理。然而,它是一个 ISA 服务器,需要 NTLM 身份验证,而不是基本身份验证,所以除非有人知道如何强制Git 使用 NTLM,我很沮丧。
I'm stuck behind a firewall, so I have to use HTTPS to access my GitHub repository. I'm using Cygwin 1.7.7 on Windows XP.
I've tried setting the remote to https://[email protected]/username/ExcelANT.git, but pushing prompts for a password, but it doesn't do anything once I've entered it.
https://username:<password>github.com/username/ExcelANT.git and cloning the empty repository from scratch, but each time it gives me the same error:
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
Turning on GIT_CURL_VERBOSE=1 gives me
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
* About to connect() to github.com port 443 (#0)
* Trying 207.97.227.239... * successfully set certificate verify locations:
* CAfile: none
CApath: /usr/ssl/certs
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Expire cleared
* Closing connection #0
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs
fatal: HTTP request failed
Is this a problem with my firewall, Cygwin or what?
I hadn't set the HTTP proxy in the Git configuration. However, it's an ISA server that needs NTLM authentication, not basic, so unless anyone knows how to force Git to use NTLM, I'm scuppered.
发布评论
评论(30)
问题是您的系统上没有安装任何证书颁发机构 (CA) 证书。并且这些证书无法使用 Cygwin 的 setup.exe 安装。
在Cygwin中安装Net/ca-certificates包(感谢dirkjot)
有两种解决方案:
cacert.pem文件就是您要查找的文件。这个文件包含超过250个CA证书(不知道如何信任这么多人)。您需要下载此文件,将其拆分为单独的证书,将它们放入 /usr/ssl/certs (您的 CApath)并为其建立索引。以下是具体操作方法。使用 Cygwin setup.exe 安装curl 和 OpenSSL 软件包。
执行:
重要:为了使用
c_rehash,您还必须安装openssl-perl。忽略 SSL 证书验证。
警告:禁用 SSL 证书验证会产生安全隐患。如果不验证 SSL/HTTPS 连接的真实性,恶意攻击者就可以冒充可信端点(例如 GitHub)或其他一些远程 Git 主机),并且您将容易受到 man-中间攻击。 在将此作为解决方案之前,请确保您完全了解安全问题和您的威胁模型。
env GIT_SSL_NO_VERIFY=true git 克隆 https://github...
The problem is that you do not have any of certificate authority (CA) certificates installed on your system. And these certificates cannot be installed with Cygwin's setup.exe.
Install Net/ca-certificates package in Cygwin (thanks dirkjot)
There are two solutions:
cacert.pemfile is what you are looking for. This file contains more than 250 CA certificates (don't know how to trust this number of people). You need to download this file, split it to individual certificates put them to /usr/ssl/certs (your CApath) and index them.Here is how to do it. With Cygwin setup.exe install the curl and OpenSSL packages.
Execute:
Important: In order to use
c_rehashyou have to installopenssl-perltoo.Ignore SSL certificate verification.
WARNING: Disabling SSL certificate verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a man-in-the-middle attack. Be sure you fully understand the security issues and your threat model before using this as a solution.
env GIT_SSL_NO_VERIFY=true git clone https://github...
注意:禁用 SSL 验证会产生安全隐患。当您使用 Git 通过网络传输数据时,它允许中间人攻击。在将此作为解决方案之前,请确保您完全了解安全隐患。或者更好的是,安装根证书。
一种方法是禁用 SSL CERT 验证:
这将阻止 CURL 验证 HTTPS 认证。
仅适用于一个存储库:
Note: disabling SSL verification has security implications. It allows Man in the Middle attacks when you use Git to transfer data over a network. Be sure you fully understand the security implications before using this as a solution. Or better yet, install the root certificates.
One way is to disable the SSL CERT verification:
This will prevent CURL to verity the HTTPS certification.
For one repository only:
我希望 Git 使用更新后的证书捆绑包,而不替换我整个系统使用的证书捆绑包。以下是如何让 Git 使用我的主目录中的特定文件:
现在更新
.gitconfig以使用它进行对等验证:请注意,我使用的是绝对路径。 Git 在这里不进行路径扩展,因此您无法使用
~而不出现丑陋的组装。或者,您可以跳过配置文件并通过环境变量GIT_SSL_CAINFO设置路径。要解决此问题,请设置
GIT_CURL_VERBOSE=1。 Git 正在使用的 CA 文件的路径将显示在输出中以“CAfile:”开头的行上。I wanted Git to use the updated certificate bundle without replacing the one my entire system uses. Here's how to have Git use a specific file in my home directory:
Now update
.gitconfigto use this for peer verification:Note I'm using an absolute path. Git does no path expansion here, so you can't use
~without an ugly kludge. Alternatively, you can skip the config file and set the path via the environment variableGIT_SSL_CAINFOinstead.To troubleshoot this, set
GIT_CURL_VERBOSE=1. The path of the CA file Git is using will be shown on lines starting with "CAfile:" in the output.如果您想解决证书问题,请随意跳过此答案。这个答案涉及通过防火墙的 SSH 隧道,恕我直言,这是处理防火墙/代理问题的更好的解决方案。
有一种比使用 HTTP 访问更好的方法,那就是使用 GitHub 在 ssh.github.com 服务器的端口 443 上提供的 SSH 服务。
我们使用一个名为 Corkscrew 的工具。这适用于 Cygwin(通过 Cygwin 主页进行设置)和使用您最喜欢的打包工具的 Linux。对于 Mac OS X,可以从 MacPorts 和 Homebrew(可执行
brew)至少。命令行如下:
proxyhost和proxyport是HTTPS代理的坐标。 targethost 和 targetport 是要通过隧道到达的主机的位置。 authfile 是一个文本文件,其中一行包含您的代理服务器用户名/密码,并用冒号分隔。
例如:
使用“普通”ssh 协议进行 Git 通信的安装。
通过将此技巧添加到
~/.ssh/config中,此技巧可用于正常的 SSH 连接。现在您可以通过 ssh 到 gitproxy 来测试它的工作情况:
输出:(
注意:如果您以前从未登录过 GitHub,
ssh将要求将服务器密钥添加到已知的主机文件中。如果您如果您偏执,建议将 RSA 指纹验证为您上传密钥的 GitHub 网站上显示的指纹)。当您需要使用另一个密钥访问存储库(例如,将您的私人帐户与专业帐户分开)时,此方法略有不同。
享受!
我们多年来一直在 Linux、Mac 和 Windows 上使用它。
如果您愿意,可以 了解更多有关它在这篇博文中。
Feel free to skip past this answer if you want to fix the certificates issue. This answer deals with tunneling SSH through the firewall which is IMHO a better solution to dealing with firewall/proxy thingies.
There is a better way than using HTTP access and that is to use the SSH service offered by GitHub on port 443 of the ssh.github.com server.
We use a tool called Corkscrew. This is available for both Cygwin (through setup from the Cygwin homepage) and Linux using your favorite packaging tool. For Mac OS X it is available from MacPorts and Homebrew (executable
brew) at least.The command line is as follows:
The proxyhost and proxyport are the coordinates of the HTTPS proxy. The targethost and targetport is the location of the host to tunnel to. The authfile is a text file with one line containing your proxy server username/password separated by a colon.
E.g.:
Installation for using "normal" ssh protocol for Git communication.
By adding this to the
~/.ssh/configthis trick can be used for normal SSH connections.Now you can test it works by ssh-ing to gitproxy:
Output:
(Note: if you never logged into GitHub before,
sshwill be asking to add the server key to the known hosts file. If you are paranoid, it is recommended to verify the RSA fingerprint to the one shown on the GitHub site where you uploaded your key).A slight variant on this method is the case when you need to access a repository with another key, e.g., to separate your private account from your professional account.
Enjoy!
We've been using this for years now on both Linux, Macs and Windows.
If you want you can read more about it in this blog post.
请注意,为了让这个工作正常(在 CentOS 5.6 上安装 RVM),我必须运行如下:
export GIT_SSL_NO_VERIFY=true然后,将 RVM 安装程序卷入 Bash 的标准安装过程就很不错了:)
Note that for me to get this working (RVM install on CentOS 5.6), I had to run the following:
export GIT_SSL_NO_VERIFY=trueand after that, the standard install procedure for curling the RVM installer into Bash worked a treat :)
一个非常简单的解决方案:将 https:// 替换为 git://
使用 git://the.repository 而不是 https:// the.repository 并且可以工作。
我在 Windows 上使用 TortoiseGit 遇到了这个问题,这解决了它。
A very simple solution: replace https:// with git://
Use git://the.repository instead of https://the.repository and will work.
I've had this problem on Windows with TortoiseGit and this solved it.
正如最受欢迎的答案(Alexey Vishentsev)所说:
然而,最后一个断言是错误的(现在,或者一直是,我不知道)。
您所要做的就是进入 Cygwin 设置并包含包“ca-certificates”(它位于 Net 下)。这对我来说很有效。
As the most popular answer (by Alexey Vishentsev) has it:
However, that last assertion is false (now, or always has been, I don't know).
All you have to do is go to Cygwin setup and include the package 'ca-certificates' (it is under Net). This did the trick for me.
将 SSL 验证设置为 false 时在 Windows 上进行克隆:
如果您想在不更改全局设置的情况下进行克隆。
To clone on Windows while setting SSL verify to false:
If you want to clone without borfing your global settings.
我知道最初的问题列出了 Cygwin,但这是 CentOS 的解决方案:
来源:http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/
I know the original question lists Cygwin, but here is the solution for CentOS:
Source: http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/
在 CentOS 5.x 上,一个简单的
yum update openssl更新了 OpenSSL 软件包,该软件包更新了系统ca-bundle.crt文件并为我解决了问题。对于其他发行版来说也是如此。
On CentOS 5.x, a simple
yum update opensslupdated the OpenSSL package which updated the systemca-bundle.crtfile and fixed the problem for me.The same may be true for other distributions.
如果您只想在 github.com 上使用 Cygwin Git 客户端,那么有一种更简单的方法,无需经历下载、提取、转换、分割证书文件的麻烦。进行如下操作(我假设使用 Cygwin 和 Firefox 的 Windows XP)
就是这样。
当然,这只会安装一个证书层次结构,即 GitHub 所需的证书层次结构。当然,您可以将此方法用于任何其他站点,而无需安装您(不一定)不信任的站点的 200 个证书。
If all you want to do is just to use the Cygwin Git client with github.com, there is a much simpler way without having to go through the hassle of downloading, extracting, converting, splitting certificate files. Proceed as follows (I'm assuming Windows XP with Cygwin and Firefox)
That's it.
Of course this only installs one certificate hierarchy, the one you need for GitHub. You can of course use this method with any other site without the need to install 200 certs of sites you don't (necessarily) trust.
您可以在终端中尝试此命令:
You can try this command in the Terminal:
如果您使用的是 Mac OS X,则可以通过
homebrew安装 ca-cert-bundle:formula 通过以下方式将证书包安装到您的共享中:
share方法只是/usr/local/share和 curl-ca-bundle 由Mozilla提供。这就是您在很多问题中看到的引用内容。希望这会有所帮助,因为在 Mac OS X 上如何解决这个问题并不是很简单。brew install curl也不会为您带来太多帮助,因为它是 仅 keg,不会链接(运行which curl将始终输出/usr/bin/curl< /code>,这是操作系统附带的默认值)。 这篇文章可能也有一些价值。当然,您需要在安装
homebrew之前禁用 SSL,因为它是一个 git 存储库。只需执行 SSL 验证过程中发生错误时curl 所说的操作即可:将
homebrew与curl-ca-bundle一起安装后,删除.curlrccode> 并尝试在 GitHub 上克隆一个存储库。确保没有错误,然后就可以开始了。注意:如果您确实使用
.curlrc,请在完成测试后将其从系统中删除。此文件可能会导致重大问题,因此将其用于临时目的并谨慎使用。如果您忘记将其从系统中清除,brew doctor将会抱怨)。注意:如果您更新 git 版本,则需要重新运行此命令,因为您的系统设置将被清除(它们是根据版本相对于 Git 二进制文件存储的)。
因此,运行后:
如果您获得了新版本的 Git,则只需重新运行:
然后您就一切就绪了。
最后,如果您有新版本的 Git,运行:
应该会出现如下错误
这是您需要告诉 gGit Mozilla ca-bundle 所在位置的提示。
.curlrc可能会也可能不会解决您的问题。无论如何,无论是否需要手动下载,只需将 Mozilla ca-bundle 安装在您的计算机上即可。这才是重要的。一旦你获得了ca-bundle,你就可以开始了。只需运行 Git 配置命令并将 git 指向 ca-bundle。将 CURL_CA_BUNDLE=/usr/local/share/ca-bundle.crt导出到我的.zshenv点文件,因为我使用的是zsh。git config选项适用于大多数情况,但当通过 SSL 访问 GitHub 时(例如rvm get stable),我仍然遇到了证书问题。 @Maverick 在他的评论中指出了这一点,但以防万一有人错过它或假设他们除了运行 git config --system.... 之外不一定需要导出此环境变量。命令。谢谢并希望这有帮助。看起来 curl-ca-bundle 是 最近从自制程序中删除。 此处有建议。
您需要将一些文件放入:
$(brew --prefix)/etc/openssl/certsIf you're on Mac OS X, you can install the ca-cert-bundle via
homebrew:The formula installs the cert bundle to your share via:
The
sharemethod is just an alias to/usr/local/share, and the curl-ca-bundle is provided byMozilla. It's what you see being referenced in a lot of issues. Hope this helps as it's not very straightforward about how to approach this on Mac OS X.brew install curlisn't going to get you much either as it's keg only and will not be linked (runningwhich curlwill always output/usr/bin/curl, which is the default that ships with your OS). This post may also be of some value.You'll of course need to disable SSL before you install
homebrewsince it's a git repo. Just do what curl says when it errors out during SSL verification and:Once you get
homebrewinstalled along with thecurl-ca-bundle, delete.curlrcand try cloning a repo out on GitHub. Ensure that there are no errors and you'll be good to go.NOTE: If you do resort to
.curlrc, please remove it from your system the moment you're done testing. This file can cause major issues, so use it for temporary purposes and with caution.brew doctorwill complain in case you forget to purge it from your system).NOTE: If you update your version of git, you'll need to rerun this command since your system settings will be wiped out (they're stored relative to the Git binary based on version).
So after running:
If you get a new version of Git, then just rerun:
And you'll be all set.
Lastly if you have a new version of Git, running:
should give you an error along the lines of
That's your tip that you need to tell gGit where the Mozilla ca-bundle is.
.curlrcmay or may not be the remedy to your problem. In any case, just get the Mozilla ca-bundle installed on your machine whether you have to manually download it or not. That's what's important here. Once you get the ca-bundle, you're good to go. Just run the Git configuration command and point git to the the ca-bundle.export CURL_CA_BUNDLE=/usr/local/share/ca-bundle.crtto my.zshenvdot file since I'm usingzsh. thegit configoption worked for most cases, but when hitting GitHub over SSL (rvm get stablefor example), I still ran into certificate issues. @Maverick pointed this out in his comment, but just in case someone misses it or assumes they don't necessarily need to export this environment variable in addition to running thegit config --system....command. Thanks and hope this helps.It looks like the curl-ca-bundle was recently removed from homebrew. There is a recommendation here.
You will want to drop some files into:
$(brew --prefix)/etc/openssl/certs我在 Solaris Express 11 上也遇到了同样的问题。我花了一段时间,但我设法找到了需要放置证书的位置。根据/etc/openssl/openssl.cnf,证书的路径是/etc/openssl/certs。我放置了使用 Alexey 之前的建议生成的证书。
您可以在命令行上使用 OpenSSL 来验证一切是否正常:
I've been having this same problem for Solaris Express 11. It took me a while, but I managed to find where the certificates needed to be placed. According to /etc/openssl/openssl.cnf, the path for certificates is /etc/openssl/certs. I placed the certificates generated using the previous advice from Alexey.
You can verify that things are working using OpenSSL on the command line:
我使用 apt-cyg(一个类似于 apt-get 的出色安装程序)解决了这个问题
轻松下载ca-certificates(包括 Git 等):
注意:应首先安装 apt-cyg。您可以从 Windows 执行此操作
命令行:
关闭 Windows cmd,然后打开 Cygwin Bash:
I fixed this problem using apt-cyg (a great installer similar to apt-get) to
easily download the ca-certificates (including Git and many more):
Note: apt-cyg should be first installed. You can do this from Windows
command line:
Close Windows cmd, and open Cygwin Bash:
在 Raspberry Pi 上,我有:
输出:
所以我做了一个
然后
工作
On a Raspberry Pi I had:
Output:
So I did a
And then
worked
如果您使用基于 Debian 的操作系统,您只需运行:
If you used a Debian-based OS, you can simply run:
从 GitHub 生成访问令牌并保存它,因为它不会再次出现。
或者,
Generate the access token from GitHub and save it, as it will not appear again.
or,
检查你的时间。
我绝对拒绝让我的 Git 操作变得不安全,在尝试了这里提到的所有内容后,我突然意识到证书无法通过验证的一个可能原因是日期错误(要么是证书到期日期,要么是本地< /strong> 时钟)。
您可以通过在终端中输入
date轻松检查这一点。就我而言(一个新的 Raspberry Pi),本地时钟设置为 1970,因此一个简单的ntpdate -u 0.ubuntu.pool.ntp.org修复了所有问题。对于 Raspberry Pi,我还建议您将以下脚本放入每日 cron 作业中(例如/etc/cron.daily/ntpdate):Check your time.
I absolutely refused to make my Git operations insecure and after trying everything people mentioned here, it struck me that one possible cause why certificates fail to pass verification is that the dates are wrong (either the certificate expiry date, or the local clock).
You can check this easily by typing
datein a terminal. In my case (a new Raspberry Pi), the local clock was set to 1970, so a simplentpdate -u 0.ubuntu.pool.ntp.orgfixed everything. For a Raspberry Pi, I would also recommend that you put the following script in a daily cron job (say/etc/cron.daily/ntpdate):尝试使用 .netrc 文件,它将通过 https 进行身份验证。在您的主目录中创建一个名为
.netrc的文件并将其放入其中:有关详细信息,请参阅此帖子:
https://plus.google.com/u/0/104462765626035447305/posts/WbwD4zcm2fj
Try using a .netrc file, it will authenticate over https. Create a file call
.netrcin your home directory and put this in it:See this post for more info:
https://plus.google.com/u/0/104462765626035447305/posts/WbwD4zcm2fj
改进RouMao的解决方案,在Windows cmd中暂时禁用Git/curl SSL验证:
这个解决方案的好处是只在当前cmd窗口中生效。
Improve RouMao's solution by temporarily disabling Git/curl SSL verification in Windows cmd:
The good thing about this solution is that it only takes effect in the current cmd window.
尝试使用命令
该命令将允许来自 HTTP 的所有不安全的证书,但如果在专业环境中使用,请谨慎使用。
Try using command
This command will allow all the certificate from HTTP which are not secured, but use cautiously if using in a professional environment.
我在我必须管理的协作开发平台上配置 Git 时遇到了同样的问题。
要解决这个问题:
我已经更新了服务器上安装的 Curl 版本。在网站上下载最新版本curl下载页面并按照安装程序操作curl 安装流程
取回为服务器颁发证书的颁发机构的证书。
将此证书添加到curl 使用的CAcert 文件中。在我的服务器上,它位于
/etc/pki/tls/certs/ca-bundle.crt中。通过编辑 .gitconfig 文件并设置 sslcainfo 路径,将 git 配置为使用此证书文件。
sslcainfo= /etc/pki/tls/certs/ca-bundle.crt在客户端计算机上,您还必须获取证书并配置 .gitconfig 文件。
我希望这会对你们中的一些人有所帮助。
I encountered the same problem to configure Git on a collaborative development platform that I have to manage.
To solve it :
I've Updated the release of Curl installed on the server. Download the last version on the website Download page of curland follow the installation proceedings Installation proceedings of curl
Get back the certificate of the authority which delivers the certificate for the server.
Add this certificate to the CAcert file used by curl. On my server it is located in
/etc/pki/tls/certs/ca-bundle.crt.Configure git to use this certificate file by editing the .gitconfig file and set the sslcainfo path.
sslcainfo= /etc/pki/tls/certs/ca-bundle.crtOn the client machine you must get the certificate and configure the .gitconfig file too.
I hope this will help some of you.
我尝试了一切,最终我查看了主机文件,并且有一个随机的GitHub 的条目。删除别名解决了问题。
I tried everything, and eventually I looked in the hosts file and there was a random entry there for GitHub. Removing the alias fixed the problem.
我只是禁用了 SSL 证书身份验证并使用简单的用户名密码登录,如下所示:
I simply disabled the SSL certificate authentication and used the simple user name password login as shown below:
我只需要 Cygwin 和 Git 的证书,所以我做了 @esquifit 发布的内容。但是,我必须手动运行步骤 5,c_rehash 在我的系统上不可用。
我遵循了本指南:将 CA 证书安装到 OpenSSL 框架中反而。
I needed the certificates just for Cygwin and Git, so I did what @esquifit posted. However, I had to run step 5 manually, c_rehash was not available on my system.
I followed this guide: Installing CA Certificates into the OpenSSL framework instead.
我需要两件事:
转到 Cygwin setup 并包含包“ca-certificates”(它位于Net下)(如其他地方已指出)。
告诉 Git 在哪里可以找到已安装的证书:
不需要 Verbose 选项)
或永久存储该选项:
I needed two things:
go to Cygwin setup and include the package 'ca-certificates' (it is under Net) (as indicated elsewhere).
Tell Git where to find the installed certificates:
(Verbose option is not needed)
Or storing the option permanently:
我有同样的问题。
证书导入或取消设置 SSL 验证的命令不起作用。
原来是网络代理的密码过期了。
我的 Windows 用户配置文件中的 .gitconfig 文件中有一个代理配置条目。
我刚刚删除了整个条目,它又开始工作了。
I had the same issue.
Certificate import or command to unset SSL verification didn't work.
It turns out to be an expired password for the network proxy.
There was an entry of proxy configuration in the .gitconfig file present in my Windows user profile.
I just removed the whole entry, and it started working again.
在 Mac OS X 10.5 (Leopard) 系统上,我能够让它与一个简单的方法。首先,运行 GitHub 程序和测试,这对我来说工作正常,表明我的证书实际上没问题。
使用 SSH 连接到 GitHub
然后我终于注意到了另一种远程 URL 格式。我尝试了上面的其他方法,但它们不起作用。
2.5 Git 基础知识 - 使用远程
“git push myRemoteName”效果很好!
On a Mac OS X 10.5 (Leopard) system, I was able to get this to work with a simple method. First, run the GitHub procedures and the test, which worked ok for me, showing that my certificate was actually ok.
Connecting to GitHub with SSH
Then I finally noticed yet another URL format for remotes. I tried the others, above and they didn't work.
2.5 Git Basics - Working with Remotes
A simple "git push myRemoteName" worked great!
我最近(2014 年 7 月)遇到了类似的问题,并在 OS X(v10.9.4 (Mavericks))上发现“DigiCert 高保证 EV 根 CA”证书已过期(尽管我还有另一个未过期的证书)。
我发现两个名为“DigiCert High Assurance EV Root CA”的证书,一个将于 2031 年 11 月到期,另一个已过期一次是在 2014 年 7 月(几天前)。删除过期的证书解决了我的问题。
I recently (Jul 2014) had a similar issue and found on OS X (v10.9.4 (Mavericks)) that there was a "DigiCert High Assurance EV Root CA" certificate had expired (although I had another unexpired one as well).
I found two certificates named "DigiCert High Assurance EV Root CA", one expiring Nov 2031 and the expired one at July 2014 (a few of days previously). Deleting the expired certificate resolved the issue for me.