self signed certificate for git repo

[due-abracoma]

Hi everyone
I have a git repo (Azure DevOps) with a self signed ssl certificate configured in ansible semaphore running on Ubuntu 22.04.
When I try to start a playbook, I get the error that the 'certificate is signed by unknown authority'. I already exported the certificate and loaded it into the local certificate store on which ansible is running, but I still get the error.
Also, I tried to find an option to disable the ssl check in the web ui, but I wasn't successful.
Is there an option to use the git repo with a self signed certificate?

[ansibleguy]

Greetings!
I don't think that self-signed certificate (no CA chain at all) can be added as trusted to the system-store. (and work)
You could try to create a self-signed CA and create a new server-certificate using it.
Import the server-cert in your repo-service and add the CA pubkey as trusted.
Tool to generate an internal CA: easyrsa, how-to, short version

[helioguardabaxo]

Hi @fiftin
Do you intend to implement this functionality?

Thanks!

[fiftin]

Can you try to add environment variable GIT_SSL_NO_VERIFY=true to your Variable Group?

[fiftin]

I think it can be simply implemented by adding flag to the Repository settings.

[sladewexo]

Since upgrading to version 2.11 Semaphore keeps giving errors about the self signed certificate of my Gitlab. In version 2.10 I used to enter the command "git config --global http.sslVerify false" and it would happily work but no more in 2.11. Both Semaphore and Gitlab run as Docker containers from the same host.

A git clone via command line "git -c http.sslVerify=false clone https://..." works perfectly from within the Semaphore docker container in version 2.11.x

[fiftin]

Hm, it doesn't look like Semaphore issue. Semaphore uses Git as external app. There is no changes here in 2.11.

Can you try to add environment variable GIT_SSL_NO_VERIFY=true to your Variable Group?