MIT SIPB Script Services for Athena

How can I avoid typing my password repeatedly when using git with the smart HTTP transport?

It is possible to use git with client certificates. This avoids needing to repeatedly type passwords when using git with the smart HTTP transport. First, you will need a git repository on scripts using the smart HTTP transport. Our autoinstaller (add scripts; scripts-git) will do this for you.

Extracting a certificate

Next, you need to get a copy of your certificate. The easiest way to do this is probably to extract it from your browser.

In Chromium, go to Preferences, search for “SSL”, pick “Manage Certificates” -> “Your Certificates”, and then export your certificate. In Firefox, go to Preferences -> Advanced -> Encryption -> View Certificates and then export your certificates.

This will export your certificate as a PKCS#12 file, which git doesn’t know how to handle. To convert it to something git does know how to handle, run openssl pkcs12 -in cert.p12 -out cert.pem -nodes (leave off the -nodes if you want your certificate to be encrypted, but be aware that you’ll need to type your password repeatedly in that case).

Telling git to use your cert

To tell git about your certificate and the server, you’ll want to run

  git config http.sslCert ~/path/to/ssl/cert.pem
  git remote set-url origin
  git remote set-url --push origin

In particular, note the :444 in the latter URL, which causes to use certificates.

Configuring the server to accept client auth

You’ll also need to make sure that the server accepts you when identified by cert. Replace the indented lines between “<Files _git-auth.cgi>” and “</Files>” in the .htaccess with one of the snippets from the certificate authorization FAQ.

© 2004-2020, the SIPB project.
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact

You are currently connected to