Tag: GitBash

Categories
Java

Git & SSL

In my first post about Git I wrote about the problem with non-public CA signed certitificates and how to handle it. I did not mention the easierst (and unsecured) way to handle this, so I write this post to have all possibilities in one place.

Add certificate to truststore

I download the public certificate of the CA from webbrowser and add it to the truststore of Git.

Where is the cert store of git?

git config --system --list
http.sslcainfo={PathToGit}/mingw64/ssl/certs/ca-bundle.crt

To add the non-public CA cert to Git cert store just open ca-bundle.crt and the downloaded certificate with an text editor and copy the content of the certificate to the ca-bundle.

Use Windows Networking Layer

I configured the sslBackend to the Windows Networking Layer:

# use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism.
git config --global http.sslBackend schannel

Disable SSL Verify

The easierst and unsecure way is to simply disable SSL validation:

git config --global http.sslVerify false

This also works with the system configuration (--system instead of --global). I did this an a project with a very short time budget, we had to configure Git on the Linux system and this Git installation was used by a Jenkins. Both servers, Git & Jenkins, are in the same corporate intranet.

Categories
Java

Git

Short installation guide for Git with GitBash, SourceTree for a simple visual user interface and Git Staging View in Eclipse.

Git and GitBash

Download: https://gitforwindows.org
Install with defaults.

As there was no HOME environment variable set, my Git took some other HOME-like variable (like HOMEPATH, not sure), and this is a network share, so my Git performance was sometimes very poor.
To fix this, just set a HOME variable to your 'normal' profile folder:

Set a persistent environment variable from cmd.exe

setx HOME %%USERPROFILE%%

'set' sets your environment variable in your current shell only, persist it with 'setx'.

Another problem is, that the Git reporitory I tried to connect, has a SSL key signed by a non-public CA. This results to a "ssl pkix path validation failed" error.
To resolve this, I download the public certificate of the CA from webbrowser and add it to the truststore of Git.

Where is the cert store of git?

git config --system --list
http.sslcainfo={PathToGit}/mingw64/ssl/certs/ca-bundle.crt

To add the non-public CA cert to Git cert store just open ca-bundle.crt and the downloaded certificate with an text editor and copy the content of the certificate to the ca-bundle.

Additional I configured the sslBackend to the Windows Networking Layer:

# use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism.
git config --global http.sslBackend schannel

Configure my user details:

git config --global user.name "Ingo Kaulbach"
git config --global user.email "ingo.kaulbach@covestro.com"

Some Git commands for Git configuration:

git config --local --list
git config --global --list
git config --system --list
 
git config --local --edit

Checkout / Clone of a project:

cd /path/to/my/workspace
git clone https://{Username}:{PersonalAccessToken}@gitlab.myserver.biz/project/project.git

SourceTree

Download: https://www.sourcetreeapp.com
Current Version: 3.3.9 (Windows)

Install with default settings, without Mercurial.

Open /path/to/my/workspace/project.

Eclipse

Open Windows -> Perspective -> Open Perspective -> Other -> Git.

In Git Repositories View: Add an existing local Git Repository to this view and open /path/to/my/workspace/project.

To Commit and Push changes only use the Git Staging view!!!