apache.conf.in: add MaxProcesses fcgid setting
[girocco.git] / html / rootcert.html
Commit [+]AuthorDateLineData
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -07001@section=site guide
2@heading=Root Certificate
3@header
4
5<!-- This file is preprocessed by cgi/html.cgi -->
6
7
8<p>This site provides https support in order to support the Git smart HTTP
9push protocol.</p>
10
11<p>This obviously requires this site to have an SSL server certificate. In order
12to avoid the hassle (and the cost) of getting an SSL server certificate that
13has been signed by a root certificate already included (and trusted) by your
14browser, this site uses its own root certificate.</p>
15
16<p>The root certificate for this site is available from:</p>
17<blockquote>
a4b6378e Kyle J. McKay2014-01-26 22:13:19 -080018<a href="@@path(webadmurl)@@/@@nickname@@_root_cert.pem">@@server(webadmurl)@@/@@nickname@@_root_cert.pem</a>
7c33caae
KM
Kyle J. McKay2014-03-06 17:37:34 -080019<br />
20md5: <tt>@@md5(@@nickname@@_root_cert.pem)@@</tt>
21<br />
22sha1: <tt>@@sha1(@@nickname@@_root_cert.pem)@@</tt>
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070023</blockquote>
24
25<p>A side effect of using an unrecognized root certificate is that Git may
26complain with an error such as:</p>
27<blockquote>
28<tt>error: server certificate verification failed</tt>
29</blockquote>
30
31<p>To see this error in action, simply execute this git command:</p>
32<blockquote><pre>
33git ls-remote @@httpspushurl@@/girocco.git
34</pre></blockquote>
35
36<p>Instead of downloading the server&#x2019;s root certificate, server certificate verification may be disabled with one of these techniques:</p>
37
38<ol>
39<li>Set the <tt>GIT_SSL_NO_VERIFY</tt> environment variable like so:
40<pre>
41GIT_SSL_NO_VERIFY=1 git ls-remote @@httpspushurl@@/girocco.git
42</pre></li>
43
44<li>Temporarily set the git configuration variable <tt>http.sslVerify</tt> like so:
45<pre>
46git -c http.sslVerify=false \
47ls-remote @@httpspushurl@@/girocco.git
48</pre></li>
49</ol>
50
51<p>Or, after downloading the root certificate for this site, the error may be
d8a9c9b3
KM
Kyle J. McKay2013-11-30 17:58:15 -080052avoided through various methods by specifying the root certificate.<br />
53For each of these methods, the root certificate will be assumed to be downloaded
54and saved to the file <tt>$HOME/certs/@@nickname@@_root_cert.pem</tt>.</p>
55
56<p id="git185">Using Git version 1.8.5 or later (recommended):</p>
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070057
58<ol>
d8a9c9b3
KM
Kyle J. McKay2013-11-30 17:58:15 -080059<li>Configure the global <tt>http.sslCAInfo</tt> variable but only for this site like so:
60<pre>
61git config --global http.@@base(httpspushurl)@@.sslCAInfo \
62 $HOME/certs/@@nickname@@_root_cert.pem
63</pre>
64<p>Note that this technique requires Git version 1.8.5 or later on the client but has the advantage of only needing to be done once.</p></li>
65</ol>
66
67<p>Using any version of Git:</p>
68
69<ol start="2">
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070070<li>Set the <tt>GIT_SSL_CAINFO</tt> environment variable before running git like so:
71<pre>
d8a9c9b3 Kyle J. McKay2013-11-30 17:58:15 -080072GIT_SSL_CAINFO=$HOME/certs/@@nickname@@_root_cert.pem \
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070073git ls-remote @@httpspushurl@@/girocco.git
74</pre></li>
75
76<li>Temporarily set the git configuration variable <tt>http.sslCAInfo</tt> like so:
77<pre>
d8a9c9b3 Kyle J. McKay2013-11-30 17:58:15 -080078git -c http.sslCAInfo=$HOME/certs/@@nickname@@_root_cert.pem \
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070079ls-remote @@httpspushurl@@/girocco.git
80</pre></li>
81
82<li>Configure the git <tt>http.sslCAInfo</tt> variable like so:
83<pre>
d8a9c9b3 Kyle J. McKay2013-11-30 17:58:15 -080084git config http.sslCAInfo $HOME/certs/@@nickname@@_root_cert.pem
4c9aedc8
KM
Kyle J. McKay2013-06-19 10:27:48 -070085</pre>
86<p>Note that this technique works best after the repository has already been cloned
87or initialized.</p></li>
88</ol>
89
90<p>For further details see the <tt>git help config</tt> output.</p>
91
92@@ifmob@@
e9149022 Kyle J. McKay2013-07-05 21:50:10 -070093<p>For information on how to push to the mob branch using https see <a href="@@path(htmlurl)@@/mob.html#httpsmobpush">here</a>.</p>
4c9aedc8 Kyle J. McKay2013-06-19 10:27:48 -070094@@end@@