0

I have a Bitbucket server running onprem with a certificate. I added it to the keystore ussing the follwing commands 

openssl pkcs12 -export -in myurl.com.cer -inkey myurl.com.key -out myurl.com.p12 keytool -importkeystore -srckeystore myurl.com.p12 -srcstoretype PKCS12 -destkeystore bitbucket.jks -deststoretype JKS

It looks like this if i view the server in Chrome (which looks good):

enter image description here

When i try clone a Repository from the Server i get the Following Error

root@BS01:~# git clone https://source.server.com/scm/p/project.git Cloning into 'project'...

fatal: unable to access 'https://source.server.com/scm/p/project.git': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

On windows the error looks a bit different:

fatal: unable to access 'https://source.server.com/scm/p/project.git/': SSL certificate problem: unable to get local issuer certificate

When i Google for this error a lot of soltions suggest that i have to use a CA Certificate istead of a selfsigned one (Maybe I got the concept wrong but i thought the Certificate is a CA Certificate) or disable sslVerificaction entirely (which is not acceptable) What problem does git have with the certificate and how to fix that?

Improve this question
2
  • Is the Issued to: field actually blank? Or did you do edit it for privacy? Commented May 29, 2018 at 18:43
  • @Ryan it is filled, just "erased". Commented May 30, 2018 at 5:57

1 Answer 1

Reset to default
0

Acually the certificate is only fine on my Computer, Mobile Devices did not trust it aswell - if I concatenate the whole trust chain into one .pem file looking like this:

-----BEGIN RSA PRIVATE KEY----- KEY FROM domain.key -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- domain.crt -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate.crt -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root.crt -----END CERTIFICATE-----

And add this one to the jks it works as expected.

openssl pkcs12 -export -in server.pem \ -out server.p12 -name tomcat keytool -importkeystore -srckeystore server.p12 \ -srcstoretype pkcs12 -destkeystore bitbucket.jks -deststoretype JKS
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.