SSL certificate problem: self signed certificate in certificate chain

certificategit

Behind a firewall, using chrome, I am able to access a github repository like so:
https://github.com/Squirrel/Squirrel.Windows

Chrome uses our certificate for this access. If I try to access the same url using GitExtensions, I get this error:

SSL certificate problem: self signed certificate in certificate chain

Can I cause GitExtensions to use our certificate to allow access?

EDIT: more info:

On my machine, I don’t see mysysGit, but I do see mingw/curl, so I assume Git is using these. These apparently do not use Windows trust certificates when building the certificate chain. The error that I get, SSL certificate problem: self signed certificate in certificate chain, indicates that the root certificate used by Git/Github is not present in the built-in certificate authority (CA) root bundle. As @Akber Choudhry has pointed out, the CA certificate that is the root of the chain of the certs served by Github SSL server is DigiCert High Assurance EV Root CA and I do see that CA in C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt.

To verify that the problem is with Git, not GitExtensions, I did this on the command line:

 >>git clone https://github.com/Squirrel/Squirrel.Windows.git

And received the same SSL certificate problem error.

It gives the appearance that Git is not using this certificate, thus I tried configuring Git like so:

>>git config --system http.sslcainfo "C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt"

but this had no effect..

Best Answer

Behind a firewall, ...github ... Chrome uses our certificate for this access.

Based on this description I assume that "our" certificate is not the original certificate for Github but that you are using a firewall with SSL inspection which generates its own ("our") certificate to a man in the middle the connection. The CA in the firewall which issued this certificate (proxy CA) is probably added to the Windows Trust Store and this Chrome will trust it.

But Git doesn't use the Windows Trust Store and thus doesn't know about this proxy CA. Therefore you need to add the proxy CA used by the firewall to the CA store for the Git and not the original CA which issued the certificate for Github.