How to Clone a GitLab Repository with a Self-Signed Certificate

Source: Dev.to

Problem Overview

When working with a GitLab instance that uses a self‑signed SSL certificate, cloning over HTTPS often fails with an error such as:

fatal: unable to access 'https://gitlab.example.com/group/project.git/': 
server certificate verification failed. CAfile: none CRLfile: none

Git does not trust self‑signed certificates by default, so HTTPS connections are rejected unless you explicitly tell Git to trust the certificate.

Export the Self‑Signed Certificate

Using Chrome

1. Open your GitLab URL in Chrome: https://gitlab.example.com

2. Click the lock icon → Connection is secure → Certificate is valid.

3. Go to the Details tab → Export….

4. Save the certificate as gitlab-selfsigned.crt in a permanent location:

   • Windows: C:\certs\gitlab-selfsigned.crt
   • Linux/macOS: /home/username/certs/gitlab-selfsigned.crt

Using Firefox

1. Open about:preferences#privacy in Firefox.
2. Scroll to Certificates → click View Certificates.
3. In the Servers tab, locate gitlab.example.com, select it, then click Export….
4. Save the file as gitlab-selfsigned.crt.

Using OpenSSL (any platform)

openssl s_client -connect gitlab.example.com:443 -showcerts 2>/dev/null \
| openssl x509 -outform PEM > gitlab-selfsigned.crt

The command fetches the certificate directly from GitLab and writes it to gitlab-selfsigned.crt in the current directory.

Configure Git to Trust the Certificate

# Windows example
git config --global http.sslCAInfo "C:/certs/gitlab-selfsigned.crt"

# Linux/macOS example
git config --global http.sslCAInfo "/home/username/certs/gitlab-selfsigned.crt"

Verify the Setting

git config --global --get http.sslCAInfo

The command should output the path you just configured.

Clone the Repository Over HTTPS

git clone https://gitlab.example.com/group/project.git

With the certificate trusted, the clone should succeed without SSL errors.

Use SSH as an Alternative (No Certificate Issues)

Generate an SSH key

ssh-keygen -t ed25519 -C "your_email@example.com"

Add the public key

Add ~/.ssh/id_ed25519.pub to GitLab via User Settings → SSH Keys → Add Key.

Clone via SSH

git clone git@gitlab.example.com:group/project.git

Temporarily Disabling SSL Verification (Not Recommended)

git config --global http.sslVerify false

⚠️ Warning: Disabling verification is insecure and exposes you to MITM attacks. Use it only as a short‑term troubleshooting step, never in production.

Configuring Git in PyCharm

1. Open File → Settings → Version Control → Git.
2. Verify the Path to Git executable points to the Git you configured above.
3. Click Test to ensure the executable works.
4. If you rely on HTTPS, make sure the same http.sslCAInfo setting is applied to the Git used by PyCharm (or switch to SSH).

Recommended Workflow for Self‑Signed GitLab

1. Export the self‑signed certificate (Chrome, Firefox, or OpenSSL).
2. Configure Git globally with http.sslCAInfo pointing to the exported .crt file.
3. Clone repositories over HTTPS, or use SSH to avoid certificate handling altogether.
4. Never leave http.sslVerify disabled permanently.