如何将 Git 配置为信任来自 Windows 证书存储区的证书?

目前,在我的用户目录的 .gitconfig中有以下条目。

...
[http]
sslCAInfo=C:\\Users\\julian.lettner\\.ssh\\git-test.pem
...

这将设置与 git 服务器交互时使用的证书(我公司的 git 服务器需要这个证书)。

但是现在我不能克隆其他存储库(例如 GitHub 上的公共存储库) ,因为客户机总是使用被其他服务器拒绝的已配置证书。

我如何规避这个认证问题? 我可以配置 Git 使用 Windows 证书存储来进行身份验证吗?

148737 次浏览
小开

Use:

git config  --local ...

To specify per-repository settings. Local settings are stored in the .git directory.

An overview of the three locations where git can store settings:

  • --local: Repository specific, <repo_dir>/.git/config
  • --global: User-specific, ~/.gitconfig
  • --system: System default, /etc/gitconfig

More specific ones override more general settings, i.e. local overrides both global and system.

小开
最佳答案

Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism.

From the Git for Windows 2.14 release notes:

It is now possible to switch between Secure Channel and OpenSSL for Git's HTTPS transport by setting the http.sslBackend config variable to "openssl" or "schannel"; This is now also the method used by the installer (rather than copying libcurl-4.dll files around).

You can choose the new SChannel mechanism during the installation of Git for Windows 2.14. You can also update an existing installation to use SChannel by running:

git config --global http.sslBackend schannel

Once you have configured this, Git will use the Windows certificate store and should not require (and, in fact, should ignore) the http.sslCAInfo configuration setting.


提交答案