How to import certificate from Bitbucket server to git client

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

If you have secured Bitbucket with a self-signed SSL certificate by following Secure Bitbucket with Tomcat using SSL, your users might still face issues performing Git operations such as clone and push. They might see the following error while cloning from that Bitbucket server:

    git clone https://example.com:8443/scm/text/my-test-repo.git
    Cloning into 'my-test-repo'...
    fatal: unable to access 'https://example.com:8443/scm/text/my-test-repo.git/': Issuer certificate is invalid.

Environment

Any version of Bitbucket on Linux

Git Client on Linux

Solution

Steps for Implementation: 

  1. Export the certificate from the Bitbucket keystore as file.cer. If you followed Secure Bitbucket with Tomcat using SSL, the default keystore Bitbucket uses is <Bitbucket home directory>/shared/config/ssl-keystore

    keytool -export -alias tomcat -file file.cer -keystore ssl-keystore
  2. Convert the above file.cer into file.pem 

    openssl x509 -inform der -in file.cer -out file.pem
  3. Add this file.pem path to your user's git config

    git config --global http.sslCAInfo path_to_file.pem
  4. Try to clone again; it should work now:

    git clone https://example.com:8443/scm/text/my-test-repo.git
    Cloning into 'my-test-repo'...
    Username for 'https://example.com:8443': my-awesome-username
    Password for 'https://username@example.com:8443':
    remote: Enumerating objects: 6007, done.
    remote: Counting objects: 100% (6007/6007), done.
    remote: Compressing objects: 100% (1906/1906), done.
    remote: Total 6007 (delta 2524), reused 6007 (delta 2524)
    Receiving objects: 100% (6007/6007), 17.70 MiB | 43.26 MiB/s, done.
    Resolving deltas: 100% (2524/2524), done.
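
The steps above can be wrapped in a few checks before the certificate is trusted. The following is an added example, not Atlassian's own code: it goes slightly beyond the article by scoping the trust to the Bitbucket URL with Git's `http.<url>.sslCAInfo` setting, so the self-signed certificate is not applied to other HTTPS remotes. The function names are hypothetical, and `file.cer` is assumed to be the keytool export from step 1.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not Atlassian or Git tools.

# Print the SHA-256 fingerprint of a DER-encoded certificate so it can be
# compared with the value the Bitbucket administrator provides out of band.
cert_fingerprint() {
    openssl x509 -inform der -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert DER -> PEM (step 2), refuse an expired certificate, then trust the
# PEM only for the given base URL instead of for every HTTPS remote.
# Pass an absolute path for the PEM file so it resolves from any directory.
trust_cert_for_url() {
    der=$1 pem=$2 url=$3
    openssl x509 -inform der -in "$der" -out "$pem" || return 1
    # -checkend 0 exits non-zero if the certificate has already expired
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null || {
        echo "certificate in $der has expired" >&2
        return 2
    }
    git config --global "http.$url.sslCAInfo" "$pem"
}

# Report which CA file Git will use for a URL (empty if none is configured).
ca_for_url() {
    git config --global --get-urlmatch http.sslCAInfo "$1"
}

# Typical use, with the article's example host:
#   cert_fingerprint file.cer
#   trust_cert_for_url file.cer "$HOME/file.pem" https://example.com:8443/
#   ca_for_url https://example.com:8443/scm/text/my-test-repo.git
```

Compare the fingerprint with one obtained from the Bitbucket administrator before running `trust_cert_for_url`; the clone in step 4 then works for that host only.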

Updated on February 14, 2025
