Select Page

Accessing Git and Nexus with custom SSL certificates

Accessing Git and Nexus with custom SSL certificates

Again and again I work for companies having self crafted certificate. In 2020 there is no excuse to not use a valid certificate. There is now Let’s encrypt free certificates

Here are some solutions how to fix this for Git, Nexus, maven and Java


Bad solution

Is to avoid SSL certificate checks all together (from a security standpoint this is very bad)

git config --global http.sslVerify false

Best option

Is to add the self-signed certificate to your certificate store, you need to obtain the server certificate tree using chrome or firefox.

  1. Navigate to be server address. Click on the padlock icon and view the certificates. Export all of the certificate chain as base64 encoded files (PEM) format.
  2. Add the certificates to the trust chain of your GIT trust config file In Git bash on the the machine running the job run the following:
git config --list

find the http.sslcainfo configuration this shows where the certificate trust file is located.

3. Copy all the certificates into the trust chain file including the "- -BEGIN- -" and the "- -END- -". Make sure you add the ROOT certificate Chain to the certificates file


Bad option

You can also tell Apache Maven to accept the certificate even though it isn’t signed. invoke Maven MAVEN_OPTS with


If the host name configured in the certificate doesn’t match the host name Nexus is running on you may also need to add in MAVEN_OPTS


Best option

Install a real certificate in Nexus or Import the faulty certificate in your JDK cacert running

${JAVA_HOME}/bin/keytool -importcert -file waltercedric.pem -alias  -storepass changeit -keystore ${JAVA_HOME}/jre/lib/security/cacerts