TFS -GIT CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT


Problem 1)

2019-07-02T14:19:12.5157398Z fatal: unable to access 'https://tfssite.company.com/tfs/UK_ProjectCollection/SalesPortal/_git/SalesPortalWeb/': SSL certificate problem: unable to get local issuer certificate
2019-07-02T14:19:12.9764145Z ##[error]Git fetch failed with exit code: 128
2019-07-02T14:19:12.9861630Z ##[section]Finishing: Get Sources













In the TFS_Build Server or App server(if build and app server is in the same machine) >

run the script from this url: https://blog.sanjeebojha.com.np/2019/06/git-ssl-certificate-problem-unable-to.html

Once this is done, you should get another problem:

Problem 2)  CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT

2019-07-02T14:24:57.1800199Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" fetch --tags --prune --progress --no-recurse-submodules origin
2019-07-02T14:24:57.4540146Z fatal: unable to access 'https://tfssite.company.com/tfs/UK_ProjectCollection/SalesPortal/_git/SalesPortalWeb/': schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT
2019-07-02T14:24:57.5198064Z ##[error]Git fetch failed with exit code: 128

2019-07-02T14:24:57.5288511Z ##[section]Finishing: Get Sources


 











  1. Export the certificate public key to a file. The file is later required.
  2. Open the url "https://tfssite.company.com/tfs/projectcollection" in IE
  3. Click on the Lock icon in the browser address bar
  4. Select The Root level Certificate and Click View Certificate

Now Find the certificate file from GIT folder. 
normally it's inside GIT\usr\ssl\certs folder

  1. Copy the file to User folder
copy ca-bundle.trust.crt c:\Users\svc_tfs17_app

  1. Config Git to use trusted certificate using the crt file. 
    git config --global http.sslCAInfo c:\Users\svc_tfs17_app\ca-bundle.crt
  2. Convert the \n (Unix) to \r\n (Windows) so that it can be displayed by notepad editor correctly.
  3. Use the unix2dos open source software to convert \n to \r\n, or other notepad editor to replace \n to \r\n.
  1. Copy the content of tfs.cer from step o to ca-bundle.crt at the bottom of the file.

Done!

Output :


Comments

Popular posts from this blog

GIT - SSL certificate problem: unable to get local issuer certificate

Convert Premium SSD to Standard HDD in Azure