So, recently a new firewall was installed, this firewall performs SSL/TLS decryption on all encrypted traffic…
In order for machines to continue operating normally, a custom certificate was issued and installed on each one. On certain machines though, the certificate was not installed and this caused verification problems.
While trying to clone a git project from github we got the following output
$ git clone https://github.com/ioi/translation.git Cloning into 'translation'... fatal: unable to access 'https://github.com/ioi/translation.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
The horrible solution
To mitigate the problem (not solve it), we directed git to ignore the SSL certificates and not verify them using the following call right before the clone command.
As expected, the execution went smoothly after this change
$ git clone https://github.com/ioi/translation.git Cloning into 'translation'... remote: Counting objects: 297, done. remote: Total 297 (delta 0), reused 0 (delta 0), pack-reused 297 Receiving objects: 100% (297/297), 4.40 MiB | 1.50 MiB/s, done. Resolving deltas: 100% (39/39), done. Checking connectivity... done.