Support git clone for repos with self-signed SSL certs
Is your enhancement related to a problem? Please describe.
Say I’m a customer behind a firewall (air gap).
I have company-wide certs for connecting my local laptop to company internal git repos.
But when I fire up Che 7, launch a workspace from a devfile…
projects:
  - name: java-maven-helloworld
    source:
      type: git
      location: "https://git.mycorp.com/projects-r-us/java-maven-helloworld.git"
… and try to clone from the repo, I can’t connect:
The only workaround is to open a console in the Che 7 workspace, and do this:
git config --global http.sslverify "false"
git clone https://git.mycorp.com/projects-r-us/java-maven-helloworld.git
So… how can I get those certs into my Che 7 workspace OOTB via the devfile, so I can clone from those repos as part of workspace creation, rather than via a manual step?
Describe the solution you’d like
We can do it the same way it works for Keycloak at the moment; see the Helm template and Java code in the Che repository. We also need to configure the git trust store.
The workflow will be:
- the admin puts the correct SSL certificate for the internal Git server somewhere (with a name like CHE_GIT_SSL_CERT);
- during workspace start we will:
  - mount this certificate on each container as a k8s secret, at a specified path;
  - modify the git config:
    git config --global http.sslCAInfo /home/some-path/git-certs/cert.pem
Issue Analytics
- State:
- Created 4 years ago
- Comments: 22 (18 by maintainers)
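An added example (not part of the original issue or of the Che code base) of the git-config step in the proposed workflow: it points git at the mounted certificate for the internal host only, using http.<url>.sslCAInfo, and removes a leftover http.sslVerify=false workaround. The function name, the use of --file, and the trailing-slash host URL are assumptions; the certificate path in the usage comment is the one from the issue.

```shell
#!/bin/sh
# Added example: trust a mounted CA certificate for one Git host instead of
# turning TLS verification off. Function name and arguments are hypothetical.
#
# Usage (paths as in the issue text, host URL assumed):
#   configure_git_ca "$HOME/.gitconfig" "https://git.mycorp.com/" \
#       /home/some-path/git-certs/cert.pem

# configure_git_ca CONFIG_FILE HOST_URL CERT_PATH
# Returns 0 on success, 1 if the cert is unreadable, 2 if it is not PEM,
# 3 if git could not write the config file.
configure_git_ca() {
    cfg=$1
    host=$2
    cert=$3

    # A missing or non-PEM sslCAInfo makes every HTTPS operation fail,
    # so check the mounted file before writing any config.
    [ -r "$cert" ] || { echo "cert not readable: $cert" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }

    # Scope the extra CA to the internal host (http.<url>.sslCAInfo) so
    # other remotes keep using the default trust store.
    git config --file "$cfg" "http.$host.sslCAInfo" "$cert" || return 3

    # Drop the verification-off workaround if it was left behind, both the
    # global form and a host-scoped one. Absence of the key is not an error.
    git config --file "$cfg" --unset-all http.sslVerify 2>/dev/null || true
    git config --file "$cfg" --unset-all "http.$host.sslVerify" 2>/dev/null || true
    return 0
}
```

With the host-scoped key in place, verification stays enabled for every remote, and only the internal server is checked against the mounted certificate.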
Top GitHub Comments
Another option: since in user preferences we already persist git.username and git.email, it may make sense to persist git.http.sslverify as well. I mean user config should probably not live in a devfile.

Sub issue is resolved: https://github.com/eclipse/che-operator/pull/142