If you use Git on Windows (either via command-line or a GUI), you might run into the following error:
$ git clone https://lanedirt.tech/repo.git Cloning into 'repo'... fatal: unable to access 'https://lanedirt.tech/repo.git/': SSL certificate problem: unable to get local issuer certificate
Read on in order to fix this..
Problem and cause
When you encounter the error above on Windows machines, it is most often caused by the SSL backend config option. The SSL backend defines at which place Windows will look for known root certificate authorities in order to verify a SSL certificate.
During the installation of Git for Windows, you will see the following option:
- OpenSSL: this is the built-in certificate store which is shipped with Git by default. However, this built-in certificate store does not contain any custom SSL certificate authorities which Windows knows about (e.g. internal SSL certs used in company local networks).
- Native Windows Secure Channel library: this option uses the Windows SChannel backend, which will cause all SSL certificate validations to be handled by Windows itself. This has the benefit that any custom SSL root certificates added to Windows (e.g. distributed via Active Directory) will also work with Git.
Solution: use SChannel
As you can see in the screenshot above, the default option for new installations is to use the OpenSSL library. However, you can switch this config option via command line at any time you want. Most of the times, switching to the “SChannel” SSL backend will fix all problems. To do this, open up a Git bash window, and input the following:
git config --global http.sslbackend schannel
This will set SChannel as the default sslbackend for all Git projects on this machine. Now if we try to execute a Git clone again, it will work:
$ git clone https://lanedirt.tech/repo.git Cloning into 'repo'... remote: Enumerating objects: 66576, done. remote: Counting objects: 100% (988/988), done. remote: Compressing objects: 100% (171/171), done. remote: Total 66576 (delta 921), reused 856 (delta 817), pack-reused 65588 Receiving objects: 100% (66576/66576), 64.34 MiB | 32.36 MiB/s, done. Resolving deltas: 100% (41051/41051), done. Updating files: 100% (10253/10253), done.
Success!