Fix “fatal: unable to access: server certificate verification failed” in Git

If you see this error when cloning from a private Git server:

fatal: unable to access 'https://git.example.internal/myrepo.git/': server certificate verification failed. CAfile: none CRLfile: none

It means your system doesn’t trust the server’s SSL certificate. Here’s how to fix it properly by trusting the certificate manually.

---

Step 1: Export the Certificate

Use openssl to extract the server certificate:

openssl s_client -showcerts -connect git.example.internal:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > git-example.crt

---

Step 2: Trust the Certificate

On Ubuntu/Debian

sudo cp git-example.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

On RHEL/CentOS

sudo cp git-example.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

On Windows

1. Run mmc.exe
2. Add the Certificates snap-in for the Computer account
3. Import the .crt file into Trusted Root Certification Authorities

---

Step 3: Retry the Git Operation

git clone https://git.example.internal/myrepo.git

---

Avoid This

Do not use:

GIT_SSL_NO_VERIFY=true git clone ...

This disables SSL checks and is insecure.

---

This method ensures your Git client can securely communicate with private servers using custom or self-signed certificates.