Git, TFS and Visual Studio

We use our own certificate authority for internal systems, with the CA certificate being self signed and distributed to all systems through Active directory Enterprise Trust. We host TFS internally, and sign the TFS certificate with our internal CA. However, Git has its own list of trusted certificate authorities. In order to use Git with our on premises TFS we need Git to trust the organisations certificate authority, our CA certificate must be added to the Git trusted certificate authorities list.

When using Git from the command line, you can identify the location of the list of certificate authorities with the command:

c:>git config http.sslCAInfo
C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

The organisations CA certificate (in PEM/Base64 format) needs to be appended to the file, or you can take a copy of the file and change the Git configuration to reference your copy.

However, when using Git within Visual Studio, a different instance of Git is used, with a different certificate trust file. The location of the file will depend on the installation of Visual Studio, for example:

C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\ssl\certs\ca-bundle.crt

If you can locate Git in the Team Explorer, git config http.sslCAInfo will give a path relative to the installation of mingw32. In the case of uncertainty, you can use a utility such as the Sysinternals ProcMon to locate which certificate bundle is being used.


git rm --cached .eslintcache