Git ssl error on windows

I keep getting the following error when attempting to clone a git repository using ssl on windows:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

开发者_运维问答The ssl certificate hierarchy is trusted (the issuer certificate is added to Trusted Root Certificate Authorities) and I can browse to the hosting site (a private instance of Gitorious) without ssl errors. I've tried cloning on Windows 7 and on Windows Server 2008 and it's failed both times.

Anyone got any ideas?

Git Apparently not take certificates saved in windows, you have to specify what editing the path to the certificate file .gitconfig

gitconfig location:

C:\Program Files (x86)\Git\etc

Add the line (replace with the path to file and yourCertificate.ctr with the name to your certificate):

.
.
.
[help]
    format = html
[http]
    sslVerify = true
    sslCAinfo = C:/Program Files (x86)/Git/bin/curl-ca-bundle.crt
    sslCAinfo = [route]/yourCertificate.crt
[sendemail]
    smtpserver = /bin/msmtp.exe

[diff "astextplain"]
.
.
.

and try again..

The location of http.sslcainfo is stored in "C:\ProgramData\Git\config". It is not altered when uninstalling/reinstalling git.

I recently had to change it from

sslCAInfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

to

sslCAInfo = C:/Users/kristof/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt

Also see issue:
Configure http.sslcainfo in Git for Windows' own system-wide config #531
https://github.com/git-for-windows/git/issues/531

Make sure to add to your Git global config file:

 http.sslcainfo=/bin/curl-ca-bundle.crt

Your msysgit instance needs to know where to look for the CA certificates in order to validate them.

See more settings in this SO answer or in "Cannot get Http on git to work".

If all else fails, you can set the environment variable GIT_SSL_NO_VERIFY to true. However, it is hopefully possible to resolve the issue in another way. WARNING: This exposes you to SECURITY RISKS, as you can no longer trust that you're talking to the server you think you're talking to.