SSL certificate problem: unable to get local issuer certificate

Hello,

Following Sonar docs i’m trying to connnect via https to my github enterprise server. I create a token repo for using it into de credentials. Also tried using it as a secret text.

The problem is i can’t download the repo into jenkins to start analysis.

Credentials seems ok

The log:

Selected Git installation does not exist. Using Default
The recommended git tool is: NONE
using credential user-token-github
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.asdf.com/asdf/PruebaProyecto.git # timeout=10
Fetching without tags
Fetching upstream changes from https://github.asdf.com/asdf/PruebaProyecto.git
 > git --version # timeout=10
 > git --version # 'git version 2.27.0'
using GIT_ASKPASS to set credentials user token de github
 > git fetch --no-tags --force --progress -- https://github.asdf.com/asdf/PruebaProyecto.git +refs/heads/fun1:refs/remotes/origin/fun1 # timeout=10
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://github.asdf.com/asdf/PruebaProyecto.git
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:998)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1239)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1299)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:125)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:93)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:80)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: hudson.plugins.git.GitException: Command "git fetch --no-tags --force --progress -- https://github.asdf.com/asdf/PruebaProyecto.git +refs/heads/fun1:refs/remotes/origin/fun1" returned status code 128:
stdout: 
stderr: fatal: no es posible acceder 'https://github.asdf.com/asdf/PruebaProyecto.git/':SSL certificate problem: unable to get local issuer certificate

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2450)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2051)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:573)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:996)
	... 11 more

Thank you so much.

Hi,

I’ll give you the same answer here I gave you in your other thread

This looks like an SSH/HTTPS issue with GitHub, so I think your debugging needs to happen on that side. This is out of SonarQube’s scope.

Specifically, by “out of SonarQube’s scope” I mean that this community is not the best place to find help on the issue.

 
:woman_shrugging:
Ann

Hi @ganncamp ,

Thank you for your response.

The problem is git installation is not configured to accept all valid CA certs. In this case, git does not accept Thawte -> DigiCert chain certs. The soltion is adding your cert chain to the file /etc/pki/tls/certs/ca-bundle.crt

Then i’ve been able to clone using multibranch and github branch source.

Tip: If you don’t know how to get the cert, go to your github instance, check on lock address bar and make sure to download PEM (chain) cert.

Special thanks to Nadeem Jamali’s anwer: Unable to resolve "unable to get local issuer certificate" using git on Windows with self-signed certificate - Stack Overflow

Best regards.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.