html/rootcert.html

   1 @section=site guide
   2 @heading=Root Certificate
   3 @header
   4
   5 <!-- This file is preprocessed by cgi/html.cgi -->
   6
   7
   8 <p>This site provides https support in order to support the Git smart HTTP
   9 push protocol.</p>
  10
  11 <p>This obviously requires this site to have an SSL server certificate.  In order
  12 to avoid the hassle (and the cost) of getting an SSL server certificate that
  13 has been signed by a root certificate already included (and trusted) by your
  14 browser, this site uses its own root certificate.</p>
  15
  16 <p>The root certificate for this site is available from:</p>
  17 <blockquote>
  18 <a href="@@path(webadmurl)@@/@@nickname@@_root_cert.pem">@@server(webadmurl)@@/@@nickname@@_root_cert.pem</a>
  19 <br />
  20 md5: <tt>@@md5(@@nickname@@_root_cert.pem)@@</tt>
  21 <br />
  22 sha1: <tt>@@sha1(@@nickname@@_root_cert.pem)@@</tt>
  23 </blockquote>
  24
  25 <p>A side effect of using an unrecognized root certificate is that Git may
  26 complain with an error such as:</p>
  27 <blockquote>
  28 <tt>error: server certificate verification failed</tt>
  29 </blockquote>
  30
  31 <p>To see this error in action, simply execute this git command:</p>
  32 <blockquote><pre>
  33 git ls-remote @@httpspushurl@@/girocco.git
  34 </pre></blockquote>
  35
  36 <p>Instead of downloading the server&#x2019;s root certificate, server certificate verification may be disabled with one of these techniques:</p>
  37
  38 <ol>
  39 <li>Set the <tt>GIT_SSL_NO_VERIFY</tt> environment variable like so:
  40 <pre>
  41 GIT_SSL_NO_VERIFY=1 git ls-remote @@httpspushurl@@/girocco.git
  42 </pre></li>
  43
  44 <li>Temporarily set the git configuration variable <tt>http.sslVerify</tt> like so:
  45 <pre>
  46 git -c http.sslVerify=false \
  47 ls-remote @@httpspushurl@@/girocco.git
  48 </pre></li>
  49 </ol>
  50
  51 <p>Or, after downloading the root certificate for this site, the error may be
  52 avoided through various methods by specifying the root certificate.<br />
  53 For each of these methods, the root certificate will be assumed to be downloaded
  54 and saved to the file <tt>$HOME/certs/@@nickname@@_root_cert.pem</tt>.</p>
  55
  56 <p id="git185">Using Git version 1.8.5 or later (recommended):</p>
  57
  58 <ol>
  59 <li>Configure the global <tt>http.sslCAInfo</tt> variable but only for this site like so:
  60 <pre>
  61 git config --global http.@@base(httpspushurl)@@.sslCAInfo \
  62                     $HOME/certs/@@nickname@@_root_cert.pem
  63 </pre>
  64 <p>Note that this technique requires Git version 1.8.5 or later on the client but has the advantage of only needing to be done once.</p></li>
  65 </ol>
  66
  67 <p>Using any version of Git:</p>
  68
  69 <ol start="2">
  70 <li>Set the <tt>GIT_SSL_CAINFO</tt> environment variable before running git like so:
  71 <pre>
  72 GIT_SSL_CAINFO=$HOME/certs/@@nickname@@_root_cert.pem \
  73 git ls-remote @@httpspushurl@@/girocco.git
  74 </pre></li>
  75
  76 <li>Temporarily set the git configuration variable <tt>http.sslCAInfo</tt> like so:
  77 <pre>
  78 git -c http.sslCAInfo=$HOME/certs/@@nickname@@_root_cert.pem \
  79 ls-remote @@httpspushurl@@/girocco.git
  80 </pre></li>
  81
  82 <li>Configure the git <tt>http.sslCAInfo</tt> variable like so:
  83 <pre>
  84 git config http.sslCAInfo $HOME/certs/@@nickname@@_root_cert.pem
  85 </pre>
  86 <p>Note that this technique works best after the repository has already been cloned
  87 or initialized.</p></li>
  88 </ol>
  89
  90 <p>For further details see the <tt>git help config</tt> output.</p>
  91
  92 @@ifmob@@
  93 <p>For information on how to push to the mob branch using https see <a href="@@path(htmlurl)@@/mob.html#httpsmobpush">here</a>.</p>
  94 @@end@@