Git Sync: "unknown certificate lookup failure"

Product: PowerShell Universal
Version: 5.4.4
Environment: IIS / SQL

We have GitLab installed in our enterprise environment. It has an enterprise cert on it. When setting up an initial commit from PSU to GitLab, the commits show as “added” when in fact nothing is added. The status result is “Failed” with message: “Git synchronization failed. unknown certificate lookup failure: 16777280”

Is this a bug, or have our GitLab shepherds not configured the certs correctly?

Has anyone else dealt with this?

This has to do with the git library not trusting the cert. You can try to do so with standard git settings: version control - How can I make git accept a self signed certificate? - Stack Overflow

Adam, am I correct that this would mean using an external git client? Sorry, n00b git user question.

The external git client shouldn’t be necessary. The internal git client uses a DLL version of the git.exe. It’s not a 100% replacement for it and that’s why we support the external one too.

Man, I’m sorry, but I’m struggling with this. :face_with_head_bandage:

That link leads me to a bunch of answers that don’t appear to relate to the internal LibGit2Sharp client, yet you’re telling me that I shouldn’t need to use an external client?

Both our GitLab and PSU are using enterprise certs. PSU is on an IIS Windows member server. I don’t want to disable SSL verification. The link you provided mentions permanently accepting a specific certificate. But this uses the ‘git’ command, which to my mind means that I have an external client installed.

I’ve also been to these, among other fruitless web searches:

I could really use just a tad more guidance from someone who’s been there.

I finally solved this by installing Git for Windows and in PSU checking the box to use an external client. I used this command: https://username:PAT@MyGitRepository

Worked perfectly the first time. Puh. May it help someone else.


FWIW, throughout my time with using PSU I’ve had many issues with LibGit2Sharp throwing errors for one thing or another, so not using it in favor of using an external Git client is likely to save you lots of grief down the road. Plus, it’s much more customizable and controllable.

Indeed. It seems that unlike external Git for Windows, LibGit2Sharp can’t be made to read the Windows Certificate Store. So if you’re in an enterprise CA environment, it’s likely a non-starter. I wish someone could have told me this at the start, before I spent 6 or so hours trying to troubleshoot the thing. That point is nowhere to be found on the docs, whether PSU or the LibGit2Sharp repo–unless I’ve just missed it.

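For the external Git for Windows client that resolved this thread, certificate verification can stay enabled while git is pointed at the enterprise CA, either through the Windows certificate store or through a CA file pinned to the one host. The script below is an added example, not code from any poster or from the PSU documentation; the URLs, CA subject and PEM path are placeholders, and it assumes the enterprise root is already in `LocalMachine\Root`, that `git` is on the PATH, and that it runs elevated so `--system` config applies to the account PSU runs under.

```powershell
# Added example: every default below is a placeholder, not a value from the thread.
param(
    [string]$GitLabUrl   = 'https://gitlab.example.internal/',
    [string]$RepoUrl     = 'https://gitlab.example.internal/group/project.git',
    [string]$RootSubject = 'Example Enterprise Root CA',
    [string]$PemPath     = 'C:/ProgramData/git-trust/enterprise-root.pem',
    [switch]$PinCaFile   # export and pin the CA file instead of switching to Schannel
)

# Stop if verification is disabled for this host: a sync that works with
# sslVerify=false says nothing about whether the certificate is trusted.
$verify = git config --get-urlmatch http.sslVerify $GitLabUrl
if ($verify -eq 'false') {
    throw "http.sslVerify is false for $GitLabUrl; remove that setting first."
}

if ($PinCaFile) {
    # Export the enterprise root from the machine store as PEM and trust it
    # for this one host only, via http.<url>.sslCAInfo.
    $root = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like "*$RootSubject*" } |
        Select-Object -First 1
    if (-not $root) { throw "No root certificate matching '$RootSubject' found." }

    $b64 = [Convert]::ToBase64String($root.RawData, 'InsertLineBreaks')
    New-Item -ItemType Directory -Force -Path (Split-Path $PemPath) | Out-Null
    "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----" |
        Set-Content -Path $PemPath -Encoding ascii
    git config --system "http.$GitLabUrl.sslCAInfo" $PemPath
}
else {
    # Use the Windows TLS stack, which validates server certificates against
    # the Windows certificate store where the enterprise CA is installed.
    git config --system http.sslBackend schannel
}

# Show where each effective http.* setting comes from, then test the connection.
git config --show-origin --get-regexp '^http\.'
git ls-remote --heads $RepoUrl
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'ls-remote failed; read the error above to tell a TLS failure from an authentication failure.'
}
```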