How to Fix “SSL Certificate Problem: Unable to get Local Issuer Certificate?”

While working with or using Git Bash, at some point, you might have encountered an “SSL Certificate Problem: Unable to get Local Issuer Certificate.” It can be frustrating as it doesn’t go away no matter how often you verify your URL or modify your cURL request.

Find here a few methods to attempt to resolve the Unable to get Local Issuer Certificate Issue.

What is the SSL Certificate Problem: Unable to get Local Issuer Certificate Error?

This is common issue that developers often encounter while using Git Bash, a Windows command line tool to push, pull, or clone a Git repository.

What are the Causes?

The “Unable to Get Local Issuer Certificate” error stems from a misconfigured SSL certificate on your local machine. This misconfiguration prevents a successful HTTPS handshake from taking place.

The error is often linked to self-signed or corporate certificates, particularly with Git. (Self-signed certificates are mainly used in testing or development environments and are not verified by trusted Certificate Authorities. Git may throw an error when encountering such certificates.

Corporate organizations often have their own Certificate Authorities, which may not be trusted by external services like Git, leading to the same error.) Visual Studio Code users may encounter it due to a misconfigured certificate path on their machine.

How to Fix SSL/TLS Error “SSL Certificate Problem: Unable to get Local Issuer Certificate?”

To fix the SSL/TLS error – “SSL Certificate Problem: Unable to get Local Issuer Certificate,” you can perform any one of the methods mentioned below.

• Alter the php.ini File
• Add SSL Certificate to Trusted Certificate Store
• Reinstall Git & Select SSL Transport Backend Option
• Grant Repository Access to SSL Certificates or Reassign Path in VS Code
• Disable SSL certificate

Method 1: Alter the php.ini File

Despite not using Git Bash, if you are facing the Unable to Get Local Issuer Certificate error, use this method to resolve it.

Follow the steps mentioned below to alter the php.ini file:

• Enter your login credentials to access your web control panel (cPanel).
• Navigate to File Manager > PHP Software.
• Open the php.ini file.
• Click on http://curl.haxx.se/ca/cacert.pem.
• Download the cacert.pem file.
• Copy the cacert.pem file to openssl/zend (like – ‘/usr/local/openssl-0.9.8/certs/cacert.pem’.)
• Navigate to php.ini.
• Add “cainfo = ‘/usr/local/openssl-0.9.8/certs/cacert.pem” to CURL.
• Restart PHP and confirm if CURL can read the HTTPS URL or not.

Note: Enter the code mentioned below to resolve the issue without modifying the php.ini file.

$ch = curl_init();

$certificate_location = ‘/usr/local/openssl-0.9.8/certs/cacert.pem’;

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $certificate_location);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $certificate_location);

Method 2: Add SSL Certificate to Trusted Certificate Store

If you are a Git Bash user facing the Unable to Get Local Issuer Certificate error, use this method to resolve it. Follow the steps mentioned below to add an SSL cert to the Trusted Certificate Store:

1. Copy the Git SSL certificate.
2. Locate the trusted certificate store (C:\Program Files\Git\mingw64\ssl\certs)
3. Open ca-bundle.crt file.
4. Paste the Git SSL certificate at the end of the .crt file.
5. Save the file.

Method 3: Reinstall Git & Select SSL Transport Backend Option

If facing trouble in running Git commands like – git pull, push, or clone, reinstall Git and select the SSL Transport Backend option. Follow the steps mentioned below to accomplish the same:

• Uninstall Git by using the Control Panel.
• Once the uninstallation process is complete, perform these actions:
  • Open a web browser (Google Chrome).In the URL bar, type https://git-scm.com/download/win and press Enter.
  • Download the appropriate Git version.
• During the installation process, select the SSL Transport Backend option.

Method 4: Grant Repository Access to SSL Certificates or Reassign Path in VS Code

If the Unable to get Local Issuer Certificate error occurs inside VSC, perform the below-mentioned steps to resolve it:

• Reconfigure Git with the –global flag on your SSL certificate configuration by running the git config –global http.sslBackend schannel command in the terminal.
• If the error is due to accessibility, set the accessibility at the system level by opening the terminal with administrative privileges and running the git config –system http.sslBackend schannel command.
• If the error is due to location misconfiguration, use the git config –global http.sslcainfo “Path” command to reassign the path.

Method 5: Disable SSL Certificate

Disabling SSL verification is not recommended for security. Once the SSL cert is disabled, malicious actors can attack the system and access data, leading to breaches and ransomware attacks.

Follow the steps mentioned below to disable the verification of your SSL certificate:

• To disable SSL certificate validation locally in Git, use the $ git -c http.sslVerify=false clone [URL] command.
• To disable verification of your SSL cert at a global level, use the $ git config –global http.sslVerify false command.

Note: To re-enable SSL certificate verification, use the $ git config –global http.sslVerify true command.

Conclusion

If you encounter the “SSL Certificate Problem: Unable to get Local Issuer Certificate” error, you can try the following methods one by one until the issue gets resolved/fixed:

• Modify the php.ini file and set the SSL certificate path.
• Add the SSL certificate to Git Bash’s trusted store.
• Reinstall Git and select the SSL Transport Backend during installation.
• Adjust Git settings in Visual Studio Code or reconfigure SSL paths.
• Temporarily disable SSL certificate verification (not recommended) but remember to re-enable it for security.