I get the following error when accessing Github over HTTPS:
error: server certificate verification failed.
CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
This is because I don't have any certificates in /etc/ssl/certs/
. I know how to fix this problem. I can install the package ca-certificates
from Debian repository. The problem is, however, that this will install all certificates (thousands) which I don't necessarily want to accept/trust.
How can I install certificate for Github only?
a Subproblem/Subquestion
On another machine, where the package ca-certificates
is already installed and git works, I have noticed that some certificates in /etc/ssl/certs/
are one-certificate-per-file and other are many-certificates-in-one-file. The particular file containing Github certificate, /etc/ssl/certs/ca-certificates.crt
contains over 150 other certificates:
$ grep 'BEGIN CERTIFICATE' /etc/ssl/certs/ca-certificates.crt | wc -l
159
How can I find which one out of these 159 certificate is the one I need? (other than brute force – slicing the file in halves and checking both halves, repeating while n > 1
).
Best Answer
In order to access your Github you need to do it via ssh. So you need to add your ssh public key to github. After that you are able to access github via ssh i.e.:
See also: Github: generating ssh keys, WikiHow
[Edit #1]
without certificate checks:
or authenticated
For me it is still not clear what are you asking for, because you know that installing ca-certificates will fix the problem.
[Edit #2]
Ok, the other question was
Open your browser and navigate to https://github.com/. Klick on the green name on the left from
https://
and klick onCertificates
. On theDetails
tab, you'll see the certificate chain, which is:Export each of the DigiCert certicates to a file.
/etc/ssl/certs/
c_rehash
which cat all certificates toca-certificates.crt
As I said, I am not a friend of such actions because github can change the CA's anytime, so it will always result in additional work.