SSL certificate problem: unable to get local issuer certificate

If you are connecting to an on premises TFS instance and you are using Git in Visual Studio 2017 then you may get the error “SSL certificate problem: unable to get local issuer certificate”.

To get around this you want the inbuilt Git to use WinSSL / the builtin Windows Security Store. You can do this in the following way:

  1. Close all instances of Visual Studio
  2. Open a command prompt as administrator
  3. cd to the installation directory for VS2017’s Git – C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\bin
  4. Run the command: git config –system http.sslbackend schannel
  5. Reopen Visual Studio

This should modify the following file (by default)

C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\etc\gitconfig

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.