时间戳

首页 > 解决方案 > VSTFS 构建错误 - SSL 证书问题:无法获取本地颁发者证书

continuous-integration - VSTFS 构建错误 - SSL 证书问题:无法获取本地颁发者证书

问题描述

我是 CI 新手。我定义了一个构建。当我排队构建时出现以下错误:

2018-10-08T09:54:50.0136696Z ##[command]git config --get-all http.https://testurl.extraheader
2018-10-08T09:54:50.1425808Z ##[command]git config --get-all http.proxy
2018-10-08T09:54:50.2763750Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer ********" fetch --tags --prune --progress --no-recurse-submodules origin
2018-10-08T09:54:51.1465256Z fatal: unable to access 'https://testdomain/tfs/Project/_git/Project.Test/': SSL certificate problem: unable to get local issuer certificate
2018-10-08T09:54:51.1719172Z ##[error]Git fetch failed with exit code: 128

标签: continuous-integrationtfsbuild

解决方案

This error occurs when a self-signed certificate cannot be verified.

Here is the same issue discussed on GitHub : https://github.com/Microsoft/azure-pipelines-agent/issues/688

You can try below workarounds:

  • Add Enterprise CA certificate to git config –global http.sslCAInfo.

  • Tell Git where to find the CA bundle by running:

    git config --system http.sslCAPath /absolute/path/to/git/certificates

  • Modify the ca-bundle.crt file to include the domain's root cert which found in the <agent install directory>\externals\git\mingw64\ssl\certs folder.

  • Turn off sslVerify with:

    git config --system http."https://our.internal:port/".sslVerify false

  • Try following the tutorial which mentioned in below blog: https://blogs.msdn.microsoft.com/phkelley/2014/01/20/adding-a-corporate-or-self-signed-certificate-authority-to-git-exes-store/

  • Try to deploy an new agent using the release 2.129.0 agent which contains git SChannel support.

    To enable git to use SChannel, you need to pass --gituseschannel during agent config. ex:

    ./config.cmd --gituseschannel

You can also reference the solutions mentioned in this thread: SSL certificate problem: Unable to get local issuer certificate

推荐阅读