Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate git git

Visual Studio 2017 Enterprise + TFS 2018 + Git Clone = Unable to get local issuer certificate


git tfs visual-studio-2017 ssl-certificate

Here what I did to fix my issue:

In Git Settings, Global Settings in Team Explorer, there is an option to choose between OpenSSL and Secure Channel.

Starting with Visual Studio 2017 (version 15.7 preview 3) use of SChannel in Git Global settings fixed my issue.

git tfs visual-studio-2017 ssl-certificate

After two day with system admin support, I got the solution.I post it here in case it may help somebody else.Visual Studio 2017 looks not accepting a self signed certificate, as error states ("local issuer blah blah"). It has to be a local CA to approve it.Steps were:

Server:

  1. Install Company/Trusted CA on TFS machine as Trusted Authority root
  2. Preparing certificate for TFS and make it derive from company/trusted CA.
  3. Install it as Trusted Authority root in TFS machine
  4. Configure TFS-IIS binding in order to make TFS certificate to be compulsory for HTTPS connections

Client:

  1. Install CA certificate as Trusted Authority root on client machine (tried with Windows 7 and 10)
  2. Install TFS certificate as Trusted Authority root on client machine (you should see the lock in browser and connecting through it has to be recognized as secure)
  3. Install Git client (I have Git-2.15.1.2-64-bit).
  4. Run a shell (cmd, Powershell, Git-bash as you prefer) and digit this command: git config --global http.sslCAInfo C:/Users//ca-bundle.crt (because Git and Visual Studio have multiple folders where they store certificates, you are basically creating a global path for both of them)
  5. Now you should be able to see a new .gitconfig file with this content: [http]sslCAInfo = C:/Users//ca-bundle.crt
  6. if you digit command "git config --list --show-origin" you should see the new path/config added
  7. Copy ca-bundle.crt from C:\Program Files\Git\mingw64\ssl\certs path to C:/Users// path
  8. Export CA certificate as Base 64 X.509 (.CER) to up to you path (you can view certificates from IE Internet Options/Content/Certificates).
  9. Open it with editor like Notepad++ or whatever the CA certificate that you just exported. Content should be: -----BEGIN CERTIFICATE-----publickey-----END CERTIFICATE-----
  10. Copy this content
  11. Open the C:/Users//ca-bundle.crt and paste appending that content
  12. Export TFS certificate as Base 64 X.509 (.CER) to up to you path.
  13. Open it with the editor you prefer and copy the content
  14. Open the C:/Users//ca-bundle.crt and paste appending that content
  15. Save the file

Now you should be able to clone repository.

So basically the point is that certificate has to have the all chain authority in it and there has to be one.

git tfs visual-studio-2017 ssl-certificate

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last