Allow custom root CAs to be trusted, or respect Windows / IE's list

Simon 3 years ago updated by Damien Regad 7 months ago 2

My company has recently put in a new web proxy which man-in-the-middles all https traffic; it intercepts it, decrypts it, then re-encrypts it with a certificate that is signed by a local company authority. My understanding is that this is fairly common in enterprise environments.

This is largely transparent for web browsing, because the company pushes its own CA certificate to the PCs; but SmartGit (and its built-in git implementation) do not use this certificate store.

This means that SmartGit cannot connect to its update server and, more seriously, means that it cannot connect to any remotes.

I can probably work around the git problem by installing git myself and not using Smartgit's built-in version; but that is significant extra hassle on Windows, which I imagine is why there is a built-in version in the first place.

RFE: Allow users to edit the list of trusted root certificate authorities, or respect Windows's list. The latter would be far better, but would also be platform-specific.

Satisfaction mark by Simon 1 year ago

Since 18.2.7, there is now Preferences, Low-level property "connection.https.trustedFingerprints"

It was a little difficult to find the setting and somewhat painful to configure it, but in the end I managed to make it work.

Thanks for providing the possibilty to configure the certificates in Enterprise context.