Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Troubleshooting TLS errors

Refer to the section below for your tool to assist in resolving TLS errors when performing git operations.

Git Bash

  1. Launch Git Bash
  2. Run these commands to configure git to trust the VA’s network.
git config --global http.sslBackend schannel
git config --global credential.helper manager
git config --global http.schannelCheckRevoke best-effort

Git for Windows before v2.27.0

Git versions before v2.27.0 do not have best-effort available as an option for http.schannelCheckRevoke. Use false instead.

If you see an error like this:

fatal: bad numeric config value 'best-effort' for 'http.schannelcheckrevoke': invalid unit

Run this command

git config --global http.schannelCheckRevoke false

Eclipse

See Java TLS Errors for a complete walkthrough with screenshots.

Visual Studio

Visual Studio 2019

  1. In File Explorer, navigate to C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\bin
    • NOTE: Your path may be slightly different based on the version of Visual Studio you have installed
  2. Hold Shift and right click in the whitespace
  3. Select Open powershell window here or Open command prompt here
  4. Run these commands to configure git to trust the VA’s network.
.\git.exe config --global http.sslBackend schannel
.\git.exe config --global credential.helper manager
.\git.exe config --global http.schannelCheckRevoke false

See Troubleshooting Visual Studio 2019 for a complete walkthrough with screenshots.

Visual Studio 2017

Visual Studio 2017 ships with a version of git that does not support disabling certificate revocation checks. We have to do a few extra steps to configure git properly.

Download the VA’s certificate

  1. Download the VA’s certificate
  2. Move the downloaded file to C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem where is your own username.

Configure git

  1. In File Explorer, navigate to C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\bin
    • NOTE: Your path may be slightly different based on the version of Visual Studio you have installed
  2. Hold Shift and right click in the whitespace
  3. Select Open powershell window here or Open command prompt here
  4. Run these commands to configure git to trust the VA’s network. Remember to replace with your own username.
.\git.exe config --global http.sslBackend openssl
.\git.exe config --global http.sslCAInfo "C:\Users\<USERNAME>\Documents\VA-Internal-S2-RCA1-v1.pem"