SSL certificate problem: unable to get local issuer certificate

If you are connecting to an on premises TFS instance and you are using Git in Visual Studio 2017 then you may get the error “SSL certificate problem: unable to get local issuer certificate”.

To get around this you want the inbuilt Git to use WinSSL / the builtin Windows Security Store. You can do this in the following way:

  1. Close all instances of Visual Studio
  2. Open a command prompt as administrator
  3. cd to the installation directory for VS2017’s Git – C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\bin
  4. Run the command: git config --system http.sslbackend schannel
  5. Reopen Visual Studio

This should modify the following file (by default)

C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\etc\gitconfig

2 thoughts on “SSL certificate problem: unable to get local issuer certificate

  1. Worked for me, thanks! There’s a small error in the git config command, however. It requires two dashes as shown below.
    git config –system http.sslbackend schannel

    1. Thanks for pointing this out, it was actually a display issue in WordPress and was actually two dashes in the editor. Changed its style now to be code so it displays correctly 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.