git clone: Unknown SSL protocol error in connection - untrusted root certificate CA
Private git repositories served over HTTPS can be a little tricky to clone and it's quite common to receive the error:
The error itself doesn't come from git but from curl (libcurl), which git uses to talk to HTTP and HTTPS upstream repositories. To dig into the error, run curl directly with the verbose flag and read the TLS handshake output: curl -v [repo].
There can be many reasons, but a common issue with corporate repositories is that the web server's SSL certificate is signed by an internal certificate authority. Your OS doesn't trust that CA by default, so you'll need to add it to the trust store yourself.
There are a few ways to crack this nut, depending on your scenario. As always, I recommend openSUSE as a Linux distribution. To add a new certificate into the system trust store, you will need to:
- Save the root CA certificate as a base64-encoded PEM file
- Copy it to /etc/pki/trust/anchors (filename doesn't matter)
- Run update-ca-certificates
It's as simple as that. The CA's certificate is now merged into the system's trusted root CA bundle and can be used globally. Whenever the OS updates the ca-bundle file, the certificate is merged in again as long as it stays in that directory.
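
Because anything placed in /etc/pki/trust/anchors is trusted by every TLS client on the machine, it is worth checking the file before copying it. The script below is an added example, not part of the original post: it wraps the three steps above and first checks that the file is PEM, is a CA certificate, and matches a SHA-256 fingerprint. The function names and the fingerprint (assumed to come from whoever runs the internal CA, over a separate channel) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check a root CA before trusting it.
# Function names and the out-of-band fingerprint are assumptions of this sketch.

# Normalise a fingerprint: strip colons/whitespace, lowercase the hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of the certificate in a PEM file (empty on parse error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# install_ca_anchor PEM_FILE EXPECTED_SHA256 [ANCHORS_DIR]
# Returns 0 on success, 1 not PEM, 2 not a CA, 3 fingerprint mismatch, 4/5 install errors.
install_ca_anchor() {
    pem=$1; expected=$2; anchors=${3:-/etc/pki/trust/anchors}

    # Step 1 of the post: the file must be a base64 (PEM) encoded certificate.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null &&
        openssl x509 -in "$pem" -noout 2>/dev/null || {
        echo "not a PEM-encoded X.509 certificate: $pem" >&2; return 1; }

    # Only a CA certificate belongs in the trust anchors directory.
    openssl x509 -in "$pem" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || {
        echo "basicConstraints does not mark this certificate as a CA" >&2; return 2; }

    # The fingerprint must match the one obtained from the CA's owners.
    actual=$(norm_fp "$(cert_fp "$pem")")
    [ -n "$actual" ] && [ "$actual" = "$(norm_fp "$expected")" ] || {
        echo "fingerprint mismatch, refusing to trust (got $actual)" >&2; return 3; }

    # Step 2: copy into the anchors directory (filename doesn't matter).
    install -m 0644 "$pem" "$anchors/$(basename "$pem")" || return 4

    # Step 3: rebuild the bundle, only when targeting the real system store.
    if [ "$anchors" = /etc/pki/trust/anchors ]; then
        update-ca-certificates || return 5
    fi
    return 0
}

# Usage (as root; the fingerprint shown is a placeholder):
#   install_ca_anchor corp-root.pem "AB:CD:...:EF"
```

If the untrusted CA was the cause, repeating curl -v [repo] after a successful run should complete the TLS handshake without a certificate error.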