Git on Windows and custom SSL proxy certificate problem

Modern proxies, usually used on a companies, check each downloaded data for malicious code. For allow check of SSL connections the proxy provide a custom SSL certificate to use from inside company PCs. Use this custom certificate in a browser is a very easy operation since all modern browser can manage them by internally install the certificate. However with some other tool like Git the procedure is a bit more complicated.

Please note this small tutorial refer to Git used on Windows (target test is Windows 10). The custom certificate provided for use with the proxy have usually .cer or .crt extensions type. As already said the browsers can easily manage it but using Git with this kind of proxies will not work for majority of SSL connections (https) to remote repositories. Fortunately latest version of Git can manage authentications by using native Windows Secure Channel Library. Is important to select this modality during Git installation phase by selection the corresponding option as follow:

Once installed with this settings we need to install proxy certificate inside Windows. The operation is very simple, just mouse right click over the certificate file and in the menu showed select the item Install certificate. There are a couple of options to choose for complete the operation, select as you prefer. After operation finished you could theoretically use Git for clone a remote repository using an https url but unfortunately it will still not work and the following error will be showed:

schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)

For avoid this error and have Git working as expected you have to type the following command on a  command line console:

git config --global http.schannelCheckRevoke false

Once done try again the repository clone operation and all should work as expected (I hope).


Popular posts from this blog

Access GPIO from Linux user space

Launch an app from Android shell terminal

Android: adb push and read-only file system error