From 2de8a132e990381bd143277d33ae4159f79378a8 Mon Sep 17 00:00:00 2001
From: david <david@teapotcoder.com>
Date: Thu, 19 Apr 2018 02:41:54 +0000
Subject: [PATCH] =?UTF-8?q?Create=20Post=20=E2=80=9Cusing-self-signed-ca-c?=
 =?UTF-8?q?ertificates-with-git-on-windows=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...ned-ca-certificates-with-git-on-windows.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 source/_posts/using-self-signed-ca-certificates-with-git-on-windows.md

diff --git a/source/_posts/using-self-signed-ca-certificates-with-git-on-windows.md b/source/_posts/using-self-signed-ca-certificates-with-git-on-windows.md
new file mode 100644
index 0000000..ffc0a93
--- /dev/null
+++ b/source/_posts/using-self-signed-ca-certificates-with-git-on-windows.md
@@ -0,0 +1,35 @@
+---
+title: Using self signed CA certificates with git on Windows
+date: '2018-04-18T21:41:20-05:00'
+tags: git windows certificate
+---
+Using git internally to access github? Behind a corporate proxy that has an self signed CA cert? Is git complaining about 'SSL certificate problem: unable to get local issuer certificate'? Here ya go.
+
+First, I must thank Philip Kelly for posting an article on this exact situation back in 2014. I also want to say thank you to Alejandro Campos Magencio for the post on getting the certificate chain. I put those two together with the exporting of the certifcate to a file to produce this post.
+
+[Philip Kelley's post](https://blogs.msdn.microsoft.com/phkelley/2014/01/20/adding-a-corporate-or-self-signed-certificate-authority-to-git-exes-store/)
+
+[Alejandro Campos Magencio' post](https://blogs.msdn.microsoft.com/alejacma/2011/06/21/how-to-verify-validity-of-certificates-with-net/)
+
+Philip's post works but I wanted a way to do it from Powershell so I could very easily share the solution with others.
+
+```powershell
+CLEAR
+
+Write-Host "Getting certificate for internal site"
+
+$request = [Net.WebRequest]::Create("https://internalsite.supercorp")
+$request.GetResponse() | Out-Null
+$cert = $request.ServicePoint.Certificate
+$bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
+Set-Content -value $bytes -encoding byte -path "internalsite.supercorp.cer"
+
+Write-Host "Getting chain for CA cert"
+$chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
+$chain.Build($cert)
+
+$root = $chain.ChainElements | Select -Last 1
+
+$bytes = $root.Certificate.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
+Set-Content -value $bytes -encoding byte -path "supercorp.ca.cer"
+```