egit with self signed certificate, https

java eclipse git https egit

11,271

Solution 1

You can also just set eGit to ignore server verification. In Eclipse go to Window -> Preferences.

From there go to Team -> Git -> Configuration

Click "New Entry"

Key: http.sslVerify Value: false

Click "OK"

For a more detailed approach to this check out my blog post here: http://www.pur-logic.com/2012/04/21/egit-self-signed-certificate/

Solution 2

You have to import that certificate into your keystore (either the default keystore cacerts in your JDK directory or you specify one with the parameter -Djavax.net.ssl.trustStore).

Solution 3

The FAQ of CAcert provides the commandline for keytool:

keytool -keystore $/PATH/TO/CACERTS/KEYSTORE -storepass changeit -import -trustcacerts -v -alias cacertclass1 -file root.crt

Possibly, you have to omit -trustcacerts to import a normal certificate.
-alias might also be unnecessary

Solution 4

We should use http.sslCAInfo option for this use-case.
However, eclipse JGit development status for this option has been stuck for a very long time.

FYI

View more solutions

11,271

Author by

Hubidubi

Updated on June 24, 2022

Comments

Hubidubi almost 2 years

I would like to use a git repo that is accessigble through https, Https server has self signed certificate. I always get an error while trying to clone the repo with eclipse+egit:

https://host/path: cannot open git-upload-pack sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is it possible to bypass this problem? I used export GIT_SSL_NO_VERIFY=1 command to skip ssl verification with the console client. This trick doesn't work with eclipse.

Thanks,

Hubi
Chris almost 11 years

Is this the same problem if IP address is used instead of hostname ?
Brian almost 9 years

Can you explain how you did this? I think this is also my problem
shturec about 8 years

As stated in numerous answers related to the topic "self-signed certificates and git" using http.sslVerify:false is a terrible practice from security PoV and should be an absolute last resort, especially that there are other options. This answer solves the issue and opens up for others, normally considered much more severe. But hey, hackers gotta eat too, right? :) The root problem here is that the self-signed certificate is not trusted by the java used by egit/eclipse. And the solution is simply to enroll it in cacert.
shturec about 8 years

Unlike the answer selected by the author this one doesn't open security vulnerabilities and should be the preferred one as it is a solution for the exact problem here - the java used by egit doesn't recognize the certificate as trusted.