How to fix Git error: unable to get local issuer certificate on Windows

If you use Git on Windows (either via command-line or a GUI), you might run into the following error:

$ git clone https://lanedirt.tech/repo.git
Cloning into 'repo'...
fatal: unable to access 'https://lanedirt.tech/repo.git/': SSL certificate problem: unable to get local issuer certificate

Read on in order to fix this..

Problem and cause

When you encounter the error above on Windows machines, it is most often caused by the SSL backend config option. The SSL backend defines at which place Windows will look for known root certificate authorities in order to verify a SSL certificate.

During the installation of Git for Windows, you will see the following option:

Git for Windows installation wizard
  • OpenSSL: this is the built-in certificate store which is shipped with Git by default. However, this built-in certificate store does not contain any custom SSL certificate authorities which Windows knows about (e.g. internal SSL certs used in company local networks).
  • Native Windows Secure Channel library: this option uses the Windows SChannel backend, which will cause all SSL certificate validations to be handled by Windows itself. This has the benefit that any custom SSL root certificates added to Windows (e.g. distributed via Active Directory) will also work with Git.

Solution: use SChannel

As you can see in the screenshot above, the default option for new installations is to use the OpenSSL library. However, you can switch this config option via command line at any time you want. Most of the times, switching to the “SChannel” SSL backend will fix all problems. To do this, open up a Git bash window, and input the following:

git config --global http.sslbackend schannel

This will set SChannel as the default sslbackend for all Git projects on this machine. Now if we try to execute a Git clone again, it will work:

$ git clone https://lanedirt.tech/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 66576, done.
remote: Counting objects: 100% (988/988), done.
remote: Compressing objects: 100% (171/171), done.
remote: Total 66576 (delta 921), reused 856 (delta 817), pack-reused 65588
Receiving objects: 100% (66576/66576), 64.34 MiB | 32.36 MiB/s, done.
Resolving deltas: 100% (41051/41051), done.
Updating files: 100% (10253/10253), done.

Success!

Published
Categorized as Git, Windows

By Leendert de Borst

Freelance software architect with 10+ years of experience. Expert in translating complex technical problems into creative & simple solutions.

Leave a comment

Your email address will not be published. Required fields are marked *