SSL Certificate Error in Hosted TFS with Git

Today we were poking around the new Git offering in Team Foundation Service (hosted TFS), and when I tried to clone our test repo I got the following error:

error: SSL certificate problem, verify that the CA cert is OK.  Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://<account>.visualstudio.com/DefaultCollection/_git/<repo>
fatal: HTTP request failed

Since we didn’t get this error at home, suspicion is that our corporate proxy was interfering with the SSL check somehow.  The solution was simple, just open Git bash and issue the following command:

git config –global http.sslVerify false

After doing this, I could interact with the repo normally.

2 thoughts on “SSL Certificate Error in Hosted TFS with Git”

  1. We have two server SSL certificates from Thawte. We set up these two SSL in the same server.

    Now, we want to access a web service hosted by one of our customer in their server. We are calling this web service from a web service deployed in our server. The customer web service can be accessed only through SSL. They are also using Thawte SSL certificate. They sent their client certificate to us in p7b format and we installed it in our server (since our web service which calls their web service is deployed in our server). When we try to call their web service we are getting the error ‘A certificate is required to complete client authentication’. We use Microsoft .Net for developing our web service.

    We then created a sample application in another machine and tested. We installed the client certificate sent by our customer in this machine. But we again got the same error.

    We tried to access the web service from Internet Explorer. Then it shows a dialog box ‘Client Authentication’

  2. You’re having a completely different issue than I’m describing here. Certificates are notoriously difficult to set up correctly, and even more so to debug. Without sitting in front of the machine that’s very difficult to do. Your best bet is to work with your customer to make sure everything is set up correctly on both sides. Good luck!

Comments are closed.