<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Bottom line: doing nothing with certificates is the permanent
solution.<br>
</p>
<p>Last week GitHub changed the way they use certificates (<a
moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning">using
certificate pinning</a>). This broke the solution we were using
previously, i. e., configuring git to use a JLab certificate was
causing errors. And so our git transactions (at least those from
ifarm) were failing last week.<br>
<br>
The solution suggested last week (see below) was to stop using the
JLab certificate with Git.<br>
<br>
The reaction from the Computer Center to the GitHub change is to
whitelist GitHub, exempting it from the web filter and foregoing
decryption of traffic from GitHub. Which means we do not need to
do anything with certificates at all as far as Git and GitHub are
concerned; the non-use of certificates is the way we should go
from now on. Basically the original problem has disappeared.</p>
<p>Thanks to Wesley Moore of CNI for tracking this down for us.</p>
<p>So now we need an FAQ on how to undo the solution suggested by
the old FAQ!<br>
</p>
<div class="moz-cite-prefix">On 05/11/2017 12:39 PM, Mark Ito wrote:<br>
</div>
<blockquote type="cite"
cite="mid:41994e47-affb-9f9d-cbe4-03edd63d5573@jlab.org">For some
reason, unknown to me, calling out a certificate in your
.gitconfig file is breaking git clone at JLab as of today. If you
delete your .gitconfig from your home directory (or move out of
the way), clones should work. Let me know if that is not what you
see.
<br>
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
Mark Ito, <a class="moz-txt-link-abbreviated" href="mailto:marki@jlab.org">marki@jlab.org</a>, (757)269-5295
</pre>
</body>
</html>