[GH-ISSUE #159] CA installation in Windows git-bash (curl there, etc) #102

Open
opened 2026-02-25 22:32:36 +03:00 by kerem · 8 comments

Originally created by @rfay on GitHub (Apr 24, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/159

It would be wonderful if in addition to all the wonderful places the CA is already installed it could be installed in the git-bash ecosystem (for curl in windows git bash).

Thanks for mkcert! It's an amazing breakthrough. I'm integrating it into [ddev](https://github.com/drud/ddev), a local web development environment which runs on most platforms. And it's now able to trust local certs for the very first time. Thanks!


@FiloSottile commented on GitHub (Jun 1, 2019):

Can you provide some more info on that ecosystem? I don't use Windows, so I wouldn't know where to start to find its root store.


@rfay commented on GitHub (Jun 3, 2019):

Thanks, I haven't found a solution yet, but poking around on the web:

* The old solution (may still work) seems to be to add to git-for-windows' store: https://blogs.msdn.microsoft.com/phkelley/2014/01/20/adding-a-corporate-or-self-signed-certificate-authority-to-git-exes-store/
* git itself apparently has a [way to switch to using the global CA store](https://stackoverflow.com/a/48212753/215713) by `git config --global http.sslBackend schannel`... but that seems to be specific to git (as expected, since it uses git config)

I haven't tried the first with the curl that ships in the git-for-windows world; maybe it would work. The second (git config) approach definitely didn't work for me.

@rfay commented on GitHub (Jun 3, 2019):

It looks to me like

```
$ cat "$(mkcert -CAROOT)/rootCA.pem" >> /mingw64/ssl/certs/ca-bundle.crt
```

does the job from within git-bash context.

Outside git-bash context, I believe the directory is typically `C:\Program Files\Git\mingw64\ssl\certs`
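
An idempotent form of the append above, as an added example that is not part of the original thread or of mkcert: it checks whether the CA is already in the bundle, keeps a backup, and only then appends, so repeated runs do not stack duplicate copies. The helper names `pem_bodies` and `add_ca_to_bundle` are hypothetical; the paths in the usage comment are the ones quoted in the comment above.

```shell
#!/usr/bin/env bash
# Added example; pem_bodies and add_ca_to_bundle are hypothetical helper names.
# Usage in git-bash, with the paths quoted in the comment above:
#   add_ca_to_bundle "$(mkcert -CAROOT)/rootCA.pem" /mingw64/ssl/certs/ca-bundle.crt

# Print every certificate in a PEM file as one line of joined base64, so two
# copies compare equal regardless of line wrapping or CRLF line endings.
pem_bodies() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
    /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1"
}

# Append the CA in $1 to the bundle in $2 unless it is already there.
# Returns 0 = appended, 1 = already present (bundle untouched), 2 = error.
add_ca_to_bundle() {
  local ca="$1" bundle="$2" want
  [ -r "$ca" ] && [ -w "$bundle" ] || return 2
  want=$(pem_bodies "$ca" | head -n 1)
  [ -n "$want" ] || return 2            # no certificate found in $ca
  if pem_bodies "$bundle" | grep -Fxq -- "$want"; then
    return 1
  fi
  cp -p "$bundle" "$bundle.bak" || return 2   # keep the previous bundle
  # Make sure the BEGIN line starts on its own line.
  [ -z "$(tail -c 1 "$bundle")" ] || printf '\n' >> "$bundle"
  cat "$ca" >> "$bundle"
}
```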


@closedstack commented on GitHub (Oct 7, 2020):

In most corporate settings it is best to set it to use the Windows Trusted CA Store, since that will be managed by your IT (like if they inspect outbound HTTPS traffic), using
`git config --global http.sslBackend schannel`
as suggested by @rfay


@mkontani commented on GitHub (Oct 12, 2020):

Typically, Windows has no certificates dir, but stores them in the Windows registry.
If you want to import into the registry using the CLI, it seems that the `certutil` command can be used.

```
certutil.exe -addstore root c:\capublickey.cer
```

See: https://superuser.com/questions/1506440/import-certificates-using-command-line-on-windows


@jkugler commented on GitHub (Dec 9, 2020):

@rfay From where did you acquire mkcert? It does not seem to be in my default git bash install.

Edit: I might not need it. Just cat and append to the ca-bundle.crt file.

Edit 2: solution not working for me...so, may be a problem somewhere else.


@rfay commented on GitHub (Dec 9, 2020):

@jkugler - download the windows binary from the releases page, https://github.com/FiloSottile/mkcert/releases


@MarlonMrN commented on GitHub (Jun 11, 2021):

> In most corporate settings it is best to set it to use Windows Trusted CA Store, since that will be managed by your IT (like if they inspect outbound HTTPS traffic) using
> `git config --global http.sslBackend schannel`
> as suggested by @rfay

But how to make that config for the entire git-bash? For example, I cannot perform any curls to https endpoints in my bash... (and all of my package managers suffer from the same issue... it's a pain to add the certificates for each of them, as they expire...)
Any ideas how to do that?
