Question

SSL Certificate Issue After Upgrading Mendix App to 10.24.5 – Git Error 128 When Creating Branch

0

Hi All, I've recently upgraded my Mendix app from version 10.12 to 10.24.5, and everything was working fine initially. However, when I tried to create a new branch, I encountered the following error: "Failed to checkout remote repository. Git command line client exited with code 128." Upon checking the logs, I found this error: SSL certificate problem: unable to get local issuer certificate To troubleshoot, I referred to this Mendix support article(https://support.mendix.com/hc/en-us/articles/18599952790428-SSL-Connectivity-Issues-while-using-Git) and tried the following: Verified that my Git version is 2.48.1.windows.1, which meets the recommended version. Ran git ls-remote from Command Prompt and got:fatal: unable to access ... SSL certificate problem: unable to get local issuer certificate Would appreciate any help or suggestions to resolve this. Thanks in advance!

asked 2025-09-24

Lasya Priya Yelishetti

1 answers

Marcian-Petrut Bondoc-Popescu · Answer 1 · 2025-09-24

This "unable to get local issuer certificate" error means that Git cannot verify the authenticity of the SSL certificate provided by your remote repository's server. This often happens in corporate environments where network traffic is routed through a proxy or firewall that uses its own self-signed or private root certificate.

I

This is often the best solution for Windows users, as it tells Git to use the same certificate store as the operating system. Corporate certificates are typically pushed to the Windows store by IT departments.

Run the following command in your Command Prompt or Git Bash:

Bash

git config --global http.sslbackend schannel

This command configures Git to use Secure Channel, the native Windows SSL/TLS library, for handling HTTPS connections. After running this, restart Mendix Studio Pro and try creating the branch again.

II

If the first solution doesn't work, you can explicitly tell Git where to find the correct root certificate file. You will likely need to get this file from your IT or security department.

Obtain the root certificate file (e.g., YourCompanyRootCA.pemor YourCompanyRootCA.crt from your IT team.
Save the file in a permanent location on your computer (e.g., C:\certs\YourCompanyRootCA.pem
Configure Git to use this certificate file by running the following command. Make sure to replace the example path with the actual path to your file.
Bash
```
git config --global http.sslCAInfo "C:/certs/YourCompanyRootCA.pem"
```
Note: Use forward slashes / in the path, even on Windows.

III

This solution should only be used as a temporary workaround on a trusted network, as it disables security checks and makes your connection vulnerable to man-in-the-middle attacks.

To disable SSL verification globally for Git, run this command:

Bash

git config --global http.sslVerify false