Getting "SSL certificate problem: self signed certificate in certificate chain" on pull

Hi @kparksgem,

Really sorry to hear you’re having trouble again. As mentioned by @that-pat earlier in this thread, I think it would be good for you to reach out to private support so we can collaborate with you to troubleshoot the issue further.

Since we need to do some deeper individual troubleshooting, would you mind submitting a help request in our help portal so that we can follow up with you and get some additional information? You can point at this thread for background information and it would be helpful to know what version of Windows you’re using, what git client or clients you’ve encountered this problem with, and whether you’re operating on a personal network or a company network.

@kparksgem wrote:

I was able to pull again last week after my IT deleted and recreated a new GIT account, then cloned all of my files and moved them to a different directory.  This worked well for a few days last week.  However, when I came in this morning after the long weekend… it is back to saying: 

 

“SSL certificate problem: self signed certificate in certificate chain”

@git did not exit cleanly (exit code 1) (578 ms @ 5/29/2018 10:12:11 AM)

My setup at home worked briefly but then this last weekend I also was back to having the “self signed” error.  I was trying to decide what to do when I saw your post.  If you are opening a help ticket please post here if you get a good resolution, I don’t want to open a duplicate ticket.  I’m hoping there’s one underlying problem.

thanks - Dave

@daveg-geokon, I did open a help request when I first had the issue.  I have tried the things they suggested and have yet to come up with a solution.  I sent her a link to this thread for reference and she is asking her team for the next steps.  I will let you know as soon as I have a solution.

@nadiajoyce,

Thank you for your response.  I did submit a help request when the problem first arose.  I was contacted again by Stacey Burns this morning to see how everything was working.  I let her know that unfortunately the issue had returned.  She has currently taken the problem to her team to discuss the next steps.  

I also included a link to this thread because I think it is important to realize that the problem is with different users across different Windows platforms and my network is not the problem because others in the office are not having a problem.  Also, there does not seem to be a problem on Macs, so I am theorizing the problem is with TortoiseGit.

I am having this problem too.  I am not on a corporate network.

$ git --version
git version 2.17.0.windows.1

$ git credential-manager version
Git Credential Manager for Windows version 1.16.1

fatal: unable to access ‘https://github.com/Synaccord/synaccord.git/’: schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

I just updated to the latest version of windows 10 and .NET and I am still having this problem.

credential.usehttppath=true
credential.helper=manager

http.sslbackend=schannel

Hi @daveg-geokon,

I really appreciate that you want to prevent opening duplicate tickets for our support team. That’s super considerate of you. However, in this case, I would definitely recommend opening up an individual support case as well.

The more people who open a support case about this issue, the better we can look for patterns in network styles, Git versions, Git tools, Operating System versions, etc. The more information we have, the quicker we can narrow this down.

Thanks!

Hi @daveg-geokon, @synaccord, @kparksgem, @brucesherwood and anyone else having this issue,

We’ve been analysing the information that we’ve gotten from a few different reports and I have some additional information.

If you are using the Kaspersky anti-virus with Web Anti-Virus enabled, this seems to install a Kaspersky certificate which causes problems when connecting to GitHub in this way. To solve this problem, you can try the following steps:

  1. Go into Kaspersky / settings / protection and turn off Web Anti-Virus
  2. Find and remove the Kaspersky certificate installed as part of the Kaspersky suite
  3. Reboot your computer and attempt to connect again

If you don’t have Kaspersky or if this doesn’t fix your problem, please follow these instructions and add the output to your open support cases:

  1. Run openssl s_client -showcerts -connect github.com:443 and collect the output
  2. Check if switching from cloning via HTTPS to cloning via SSH improves your connectivity

I know this problem is extremely frustrating, so I appreciate your patience as we try to narrow down all of the variables in play with this situation.

Thanks!

1 Like
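
An added example, not part of the original posts or of GitHub's tooling: a shell helper that reads the saved output of the `openssl s_client -showcerts -connect github.com:443` command requested above and lists who issued each certificate in the chain, which is where a certificate installed by a local anti-virus product shows up. The sample output, the issuer names in it and the expected-CA pattern are constructed placeholders.

```shell
# Constructed sample of `openssl s_client -showcerts` output (not a real capture).
# PEM bodies are omitted and the issuer name is a placeholder.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = github.com
   i:CN = EXAMPLE Local Interception Root
-----BEGIN CERTIFICATE-----
(constructed sample: body omitted)
-----END CERTIFICATE-----
 1 s:CN = EXAMPLE Local Interception Root
   i:CN = EXAMPLE Local Interception Root
---
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Print "depth|subject|issuer" for each certificate the client was shown.
chain_entries() {
  awk '
    /^ *[0-9]+ s:/ { d = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
    /^ +i:/        { sub(/^ +i:/, ""); print d "|" subj "|" $0 }
  '
}

# Text after "Verify return code:", e.g. "19 (self signed certificate ...)".
verify_result() { sed -n 's/^ *Verify return code: //p' | tail -n 1; }

# Issuers that do not match $1, an extended regex for the CA you expect
# (the reader's choice; an assumption, not a value from this thread).
unexpected_issuers() {
  chain_entries | cut -d'|' -f3 | sort -u | grep -Ev -- "$1" || true
}

# usage: report 'EXPECTED_CA_REGEX' < s_client.txt ; returns 1 on a mismatch
report() {
  out=$(cat)
  printf '%s\n' "$out" | chain_entries | while IFS='|' read -r d s i; do
    printf 'depth %s: %s\n  issued by: %s\n' "$d" "$s" "$i"
  done
  printf 'verify: %s\n' "$(printf '%s\n' "$out" | verify_result)"
  bad=$(printf '%s\n' "$out" | unexpected_issuers "$1")
  [ -z "$bad" ] && return 0
  printf 'unexpected issuer: %s\n' "$bad"
  return 1
}

sample_output | report 'Expected Public CA' || true
```

A chain whose top entry is issued by a name you do not recognise as a public CA, together with verify code 19, is the detail worth including in the support case.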

Many thanks! Turning off Web Anti-Virus in Kaspersky did the trick. Was it a recent change in Kaspersky or a recent change in GitHub that caused the problem? I see why it was so difficult for you to debug, since those of us for whom that was the problem didn’t think to tell you we were using Kaspersky. I assume the problem comes from some recent change to Kaspersky, not some recent change to GitHub, right?

Bruce

1 Like

Hi @brucesherwood,

It’s hard to say for certain, but GitHub has made no recent changes that should have caused this impact, but there were changes to Git for Windows which allow Git to use SChannel instead of OpenSSL for managing certificates. This could also be a recent change with Kaspersky’s offerings and how they manage their certificates. Sorry that I can’t be more specific at this time.

Thanks!

I learned how to make Kaspersky permit connections to github.com. See this link:

https://help.kaspersky.com/KIS/2019/en-US/157530.htm

Apparently the issue is that Kaspersky can’t trust certain kinds of encrypted transmissions and you have to specify sites you trust such as github.com.

Bruce

Bruce,

Thanks a lot, I’ll give this a shot tonight.  I do run Kaspersky so it sounds like that is the problem.

Dave

I just switched off Kaspersky Web Anti-Virus and then I was able to pull successfully, so it looks like that was the problem.  Thanks!

Dave

A little bit more - my version of Kaspersky isn’t the latest, it’s a few years old.  In my case just switching off the web option seems to do the trick, although it’s a bit erratic - in one case it worked immediately, one time I had to try to pull a couple of times, and one time I had to reboot.  

The work around did not work for me, but uninstalling Kaspersky and installing McAfee did.  Kaspersky was only on my two machines which explains why others in the office were not having a problem.  

After I changed the anti virus software, it was then saying ‘Repository not found’.  So we had to remove my GIT credentials from the Windows Credential Manager.  Now I have to enter my login and password every time but at least it works.

Thanks for all your help.

I think ur right I’m using Kaspersky and just disabled it and things work fine

I’m having the same issue with errors:

$ git push github
fatal: unable to access 'https://github.com/<...>.git/': SSL certificate problem: self signed certificate in certificate chain

I’m inside of a corporate network and my machine has McAfee instead of the Kaspersky that y’all found as the culprit.

Any ideas?

Hi @lewis267,

Since we need to do some deeper individual troubleshooting, would you mind submitting a help request in our help portal so that we can follow up with you and get some additional information? You can point at this thread for background information and please follow these instructions and add the output to your support ticket:

  1. Run openssl s_client -showcerts -connect github.com:443 and collect the output
  2. Check if switching from cloning via HTTPS to cloning via SSH improves your connectivity
2 Likes

Hi @nadiajoyce,

Thank you for the reply. I’ll open a ticket, but I don’t have openssl installed on my windows platform.

1 Like

That’s okay! Whatever information you can provide will be helpful. Private support may have more follow up questions as well.

1 Like

I had this same problem. I am not sure what causes it but I think that your local machine tries to do some SSL verification before making a call to Github. You can prevent it from doing these SSL verifications by running the command

git config --global http.sslVerify false  

After running this command I was able to do git operations from my Windows 10 machine. You might want to do your research on why SSL verifications are important though in order to know the security risks, if any.

7 Likes
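
An added example, not from the thread or from Git's own tooling: `http.sslVerify false` set with `--global` stays in effect for every HTTPS remote until it is removed, so this shell helper scans gitconfig text for verification switched off and prints the command that unsets each hit. The sample config, the internal host name in it and the assumption that the file is the global one are constructed for illustration.

```shell
# Constructed gitconfig content for the demo (not taken from the thread).
sample_gitconfig() {
cat <<'EOF'
[user]
    name = Example User
[http]
    sslVerify = false   ; left over from troubleshooting
    sslBackend = schannel
[http "https://git.example.internal/"]
    sslVerify = no
[credential]
    helper = manager
EOF
}

# Print "section|key" for every http.sslVerify (plain or per-URL) that is
# set to one of Git's false values: false, no, off, 0.
find_disabled_verify() {
  awk '
    /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
    {
      line = $0; sub(/[ \t]*[#;].*$/, "", line)      # drop trailing comments
      n = index(line, "="); if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (tolower(sec) ~ /^http/ && tolower(key) == "sslverify" &&
          tolower(val) ~ /^(false|no|off|0)$/)
        print sec "|" key
    }
  '
}

# Turn each finding into the matching unset command. --global assumes the
# scanned file is ~/.gitconfig; use --local or --system for other files.
unset_commands() {
  find_disabled_verify | while IFS='|' read -r sec key; do
    case $sec in
      *\"*) url=${sec#*\"}; url=${url%\"*}; name="http.$url.$key" ;;
      *)    name="$sec.$key" ;;
    esac
    printf "git config --global --unset '%s'\n" "$name"
  done
}

# Once verification is back on, a locally installed inspection root can be
# trusted for Git alone via http.sslCAInfo instead of disabling the check.
sample_gitconfig | unset_commands
```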