Error Reading Ca Cert File /etc/ssl/certs/ca-certificates.crt
communities company blog Stack Exchange Inbox Reputation and Badges sign up log in tour help Tour Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Ask Ubuntu Questions Tags Users Badges Unanswered Ask Question _ Ask Ubuntu is a question and answer site for Ubuntu users and developers. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Permission Issues with /etc/ssl/certs/ca-certificates.crt up vote 1 down vote favorite When trying to curl or git clone something over HTTPS as a regular user, it fails with the error: fatal: unable to access 'https://github.com/mikemackintosh/xxx/': Problem with the SSL CA cert (path? access rights?) Note: If i run the commands as root, it works fine, but root should not be the only user able to communicate over ssl. So I think to myself, ok, what's curl doing behind the scenes: $ GIT_CURL_VERBOSE=1 git clone https://github.com/mikemackintosh/xxx Cloning into 'xxx'... * Couldn't find host github.com in the .netrc file; using defaults * Hostname was NOT found in DNS cache * Trying 192.30.252.130... * Connected to github.com (192.30.252.130) port 443 (#0) * error reading ca cert file /etc/ssl/certs/ca-certificates.crt (Error while reading file.) * Closing connection 0 fatal: unable to access 'https://github.com/mikemackintosh/xxx/': Problem with the SSL CA cert (path? access rights?) As a result, we are able to confirm the ca-certificate file is: /etc/ssl/certs/ca-certificates.crt which matches curl-config -ca output. The next step is to try and read the file. As just a plain-old, non-root user: $ cat /etc/ssl/certs/ca-certificates.crt cat: /etc/ssl/certs/ca-certificates.crt: Permission denied Now that seems strange. $ sudo ls -la /etc/ssl/certs/ca-certificates.crt -rw-r--r-- 1 root root 273790 Jun 15 22:35 /etc/ssl/certs/ca-certificates.crt $ sudo lsattr /etc/ssl/certs/ca-certificates.crt -------------e-- /etc/ssl/certs/ca-certificates.crt So looking at the permissions, it is world-readable. There should be no problem accessing it. No crazy attributes preventing access. doing an ls -la /etc/ssl/certs/ returns: ... l????????? ? ? ? ? ? Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pe
Sign in Pricing Blog Support Search GitHub This repository Watch 1,020 Star 18,556 Fork 5,078 gitlabhq/gitlabhq Code Issues 0 Pull requests 0 Projects 0 Pulse Graphs New issue Cloning via HTTPS fails because of server certificate verification failure. #4272 Closed jerrac opened this Issue Jun 10, 2013 · 47 comments Projects None yet Labels Awaiting developer action/feedback Configuration/Check Milestone No milestone Assignees No one assigned 32 participants and others jerrac commented Jun 10, 2013 http://askubuntu.com/questions/636962/permission-issues-with-etc-ssl-certs-ca-certificates-crt Every time I try to clone a repo over https, it fails. Says: git clone https://git.tld/gitdeploy.git Cloning into 'gitdeploy'... error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://git.tld/gitdeploy.git/info/refs fatal: HTTP request failed I've triple checked that I have ssl configured correctly on nginx, and as far as I can tell, it's fine. Am https://github.com/gitlabhq/gitlabhq/issues/4272 I missing a step there? I'm not sure what else to check. Since SSH cloning works fine, I'm not too worried about this. But since the option is in the interface, I'd like it to work. I'm running: Ubuntu 12.04 LTS server. nginx version 1.1.19 Gitlab 5.1.0 Gitlab-Shell 1.3.0 Any help is appreciated. GitLab member axilleas commented Jun 10, 2013 In gitlab shell, change this to true, restart the service and try again. jerrac commented Jun 10, 2013 No good. Still get the same error. Is there anything I need to restart after editing the config file? I did restart nginx and gitlab. # GitLab user. git by default user: git # Url to gitlab instance. Used for api calls gitlab_url: "https://git.tld/" #tried "http://git.tld/" as well. # Repositories path repos_path: "/home/git/repositories" # File used as authorized_keys for gitlab user auth_file: "/home/git/.ssh/authorized_keys" self_signed_cert: true GitLab member axilleas commented Jun 11, 2013 Can you please paste you nginx config? Also check if there is any info that could help us
Get Kubuntu Get Xubuntu Get Lubuntu Get UbuntuStudio Get Mythbuntu Get Edubuntu Get Ubuntu-GNOME Get UbuntuKylin Ubuntu Code of Conduct Ubuntu Wiki Community Wiki Other Support Launchpad Answers Ubuntu https://ubuntuforums.org/showthread.php?t=1865952 IRC Support AskUbuntu Official Documentation User Documentation Social Media Facebook Twitter Useful Links Distrowatch Bugs: Ubuntu PPAs: Ubuntu Web Upd8: Ubuntu OMG! Ubuntu Ubuntu Insights Planet Ubuntu Activity Page Please read before http://derekmolloy.ie/fixing-git-and-curl-certificates-problem-on-beaglebone-blac/ SSO login Advanced Search Forum The Ubuntu Forum Community Ubuntu Specialised Support Security [SOLVED] Problems with git and SSL Having an Issue With Posting ? Do you want to help us debug the error reading posting issues ? < is the place to report it, thanks ! Results 1 to 10 of 10 Thread: Problems with git and SSL Thread Tools Show Printable Version Subscribe to this Thread… Display Linear Mode Switch to Hybrid Mode Switch to Threaded Mode October 20th, 2011 #1 BradNeuman View Profile View Forum Posts Private Message 5 Cups of Ubuntu Join Date Feb 2007 Beans 23 error reading ca Problems with git and SSL A bit of background: I have spent a long time trying to understand this problem, with no luck, so hopefully someone here can enlighten me. I am running a simple webserver which will host git repositories. We want to use smart http to allow git over https with autentication. Many of the people who will use these repositories are not very technically savvy, so we need a simple way for them to access the repos. Walking them through anything that requires any understand of using the command line aside from copy-pasting commands would be a huge headache, so we are hoping to avoid using ssh keys. The problem: I have a signed ssl certificate on the webserver which works in chrome and firefox, as well as using curl or wget with no errors or warnings, but when I go to check out a git repo Code: https://user@mysite.com/git/test.git , there is an error: Code: error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Now I think the problem is that for whatever reason, the CA certificate I am using (Comodo High-Assurance Secure Server CA) is not in the /etc/ssl/certs/ca-certificates.crt file, b
MotorsUSB WiFi & Building a Linux KernelImage Processing & OpenCVStreaming Video & Custom Video PlayerThe Raspberry PIThe ArduinoArduino LCD TutorialArduino RGB LED TutorialSerial to Parallel ConversionDriving a 8×8 LED Matrix using the ArduinoArduino on a BreadboardArduino Reaction Timer with LCD DisplayAVR Programming Introduction TutorialAVR ProgrammingGeneral Source Code for VideosTools for ElectronicsElectronics ProjectsBlog BlogBeagleBone BlogRaspberry PIDigital ElectronicsOther FAQAbout HomeEmbedded Systems The BeagleboneGetting Started - USB Network AdapterC++ Development with EclipseAdding Java and Eclipse DevelopmentGPIO ProgrammingAn I2C TutorialQt on the BeagleboneDriving Stepper MotorsUSB WiFi & Building a Linux KernelImage Processing & OpenCVStreaming Video & Custom Video PlayerThe Raspberry PIThe ArduinoArduino LCD TutorialArduino RGB LED TutorialSerial to Parallel ConversionDriving a 8×8 LED Matrix using the ArduinoArduino on a BreadboardArduino Reaction Timer with LCD DisplayAVR Programming Introduction TutorialAVR ProgrammingGeneral Source Code for VideosTools for ElectronicsElectronics ProjectsBlog BlogBeagleBone BlogRaspberry PIDigital ElectronicsOther FAQAbout Git and Curl SSL Certificates Configuration on Beaglebone Black HomeBlogBeagleboneGit and Curl SSL Certificates Configuration on Beaglebone Black Previous Next Git and Curl SSL Certificates Configuration on Beaglebone BlackI have noticed that on the Beaglbone Black that I am constantly having problems with git and curl when it comes to https sites. This post addresses the configuration problems and shows you different ways to solve the problem that may suit your particular needs.Fixing the SSL problems with GitOut of the box, if you try to commit to a github repository using https (a requirement of github) then you will have difficulties with certificates. The error you will get looks like this (I'm using -v for verbose mode): root@beaglebone:~# git clone https://github.com/derekmolloy/boneCV.git -v Cloning into 'boneCV'... fatal: unable to access 'https://github.com/derekmolloy/boneCV.git/': Problem with the SSL CA cert (path? access rights?)123root@beaglebone:~# git clone https://github.com/derekmolloy/boneCV.git -vCloning into 'boneCV'...fatal: unable to access 'https://github.com/derekmolloy/boneCV.git/': Problem with the SSL CA cert (path? access rights?)Under older versions of git, the problem may also appear as: ro