AIX git SSL woes

Submit to reddit

Oh joy and happiness I have to admin AIX boxes. One of the first things I hit was using git to clone some stuff from github erroring out with:

SSL certificate problem: unable to get local issuer certificate

Yep, simple problem, no ssl ca bundle on the system. You can use either the bulldozer solution and have either

export GIT_SSL_NO_VERIFY=true

either

git config http.sslVerify false  ( git config --unset http.sslVerify )

because who cares about MITM attacks especially to deployed software on production servers

Or you can go to actually fix the issue and install a ca bundle. I downloaded mine from the curl site, here:

https://curl.haxx.se/docs/caextract.html

I downloaded the cacert.pem file and configured git to use it like this:

1
2
wget --no-check-certificate  https://curl.haxx.se/ca/cacert.pem -O /var/ssl/cacert.pem
git config --system  http.sslcainfo /var/ssl/cacert.pem

The no-check-certificate is required because at this point wget has no way of checking the certificate either. If you want to ensure the validity of the file download it from a working system and scp it to the remote problem server.