
How can I make git accept a self signed certificate?


To permanently accept a specific certificate

Try http.sslCAPath or http.sslCAInfo. Adam Spiers's answer gives some great examples. This is the most secure solution to the question.

To disable TLS/SSL verification for a single git command

Try passing -c to git with the proper config variable, or use Flow's answer:

git -c http.sslVerify=false clone https://example.com/path/to/git

To disable SSL verification for a specific repository

It is possible to globally deactivate SSL verification. It is highly recommended NOT to do this, but it is mentioned for completeness:

git config --global http.sslVerify false # Do NOT do this!

There are quite a few SSL configuration options in git. From the man page of git config:

http.sslVerify
    Whether to verify the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_NO_VERIFY environment variable.

http.sslCAInfo
    File containing the certificates to verify the peer with when fetching or pushing
    over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.

http.sslCAPath
    Path containing files with the CA certificates to verify the peer with when
    fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CAPATH environment variable.

A few other useful SSL configuration options:

http.sslCert
    File containing the SSL certificate when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_CERT environment variable.

http.sslKey
    File containing the SSL private key when fetching or pushing over HTTPS.
    Can be overridden by the GIT_SSL_KEY environment variable.

http.sslCertPasswordProtected
    Enable git's password prompt for the SSL certificate. Otherwise OpenSSL will
    prompt the user, possibly many times, if the certificate or private key is encrypted.
    Can be overridden by the GIT_SSL_CERT_PASSWORD_PROTECTED environment variable.


You can set GIT_SSL_NO_VERIFY to true:

GIT_SSL_NO_VERIFY=true git clone https://example.com/path/to/git

or alternatively configure Git not to verify the connection on the command line:

git -c http.sslVerify=false clone https://example.com/path/to/git

Note that if you don't verify SSL/TLS certificates, then you are susceptible to MitM attacks.


I'm not a huge fan of the [EDIT: original versions of the] existing answers, because disabling security checks should be a last resort, not the first solution offered. Even though you cannot trust self-signed certificates on first receipt without some additional method of verification, using the certificate for subsequent git operations at least makes life a lot harder for attacks which only occur after you have downloaded the certificate. In other words, if the certificate you downloaded is genuine, then you're good from that point onwards. In contrast, if you simply disable verification then you are wide open to any kind of man-in-the-middle attack at any point.

To give a specific example: the famous repo.or.cz repository provides a self-signed certificate. I can download that file, place it somewhere like /etc/ssl/certs, and then do:

# Initial clone
GIT_SSL_CAINFO=/etc/ssl/certs/rorcz_root_cert.pem \
    git clone https://repo.or.cz/org-mode.git
# Ensure all future interactions with origin remote also work
cd org-mode
git config http.sslCAInfo /etc/ssl/certs/rorcz_root_cert.pem

Note that using local git config here (i.e. without --global) means that this self-signed certificate is only trusted for this particular repository, which is nice. It's also nicer than using GIT_SSL_CAPATH since it eliminates the risk of git doing the verification via a different Certificate Authority which could potentially be compromised.
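
The per-repository pinning described in the last answer, combined with the additional verification it says a self-signed certificate needs on first receipt. This is an added example, not part of any answer on this page. The helper names (cert_fingerprint, pin_cert, make_sample), the host name git.example.invalid and the assumption that the expected SHA-256 fingerprint was obtained over a separate channel are all illustrative.

```shell
#!/bin/sh
# Added example: trust a self-signed certificate for ONE repository, and only
# after its SHA-256 fingerprint matches a value obtained out of band.

# Print the certificate's SHA-256 fingerprint as lowercase hex without colons.
# Prints nothing if the file is not a readable X.509 certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# pin_cert REPO_DIR CERT_PEM EXPECTED_SHA256   (hypothetical helper)
# Returns 0 and sets http.sslCAInfo on a match; returns 1 and leaves the
# repository configuration untouched otherwise.
pin_cert() {
    repo=$1
    cert=$2
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$3" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_fingerprint "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got '$actual', expected '$expected'" >&2
        return 1
    fi
    # Store an absolute path so the setting works from any working directory.
    abs="$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")"
    # Local config (no --global): the certificate is trusted here only.
    git -C "$repo" config http.sslCAInfo "$abs"
}

# Constructed sample input: a throwaway self-signed certificate and an empty
# repository under DIR, so the helpers can be exercised offline.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=git.example.invalid' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
        git init -q "$dir/repo"
}
```

A mismatch leaves http.sslCAInfo unset, so later fetches fail certificate verification instead of silently trusting an unexpected certificate.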