The background
So, recently a new firewall was installed, this firewall performs SSL/TLS decryption on all encrypted traffic…
In order for machines to continue operating normally, a custom certificate was issued and installed on each one. On certain machines though, the certificate was not installed and this caused verification problems.
The story
While trying to clone a git project from github we got the following output
$ git clone https://github.com/ioi/translation.git
Cloning into 'translation'...
fatal: unable to access 'https://github.com/ioi/translation.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
The horrible solution
To mitigate the problem (not solve it), we directed git to ignore the SSL certificates and not verify them using the following call right before the clone command.
export GIT_SSL_NO_VERIFY=true
As expected, the execution went smoothly after this change
$ git clone https://github.com/ioi/translation.git
Cloning into 'translation'...
remote: Counting objects: 297, done.
remote: Total 297 (delta 0), reused 0 (delta 0), pack-reused 297
Receiving objects: 100% (297/297), 4.40 MiB | 1.50 MiB/s, done.
Resolving deltas: 100% (39/39), done.
Checking connectivity... done.