This procedure describes how to configure Che for deployment with support for Git operations on repositories that use self-signed certificates.

  • Git version 2 or later

  • Helm version 2.15 or higher


Configuring support for self-signed Git repositories.

In the instructions below, substitute kubectl for oc when running Che on Kubernetes.

  1. Create a new configMap with details about the Git server:

    $ oc create configmap che-git-self-signed-cert --from-file=ca.crt \
      --from-literal=githost=<host:port> -n {prod-namespace}

    In the command, substitute <host:port> for the host and port of the HTTPS connection on the Git server (optional).

    • When githost is not specified, the given certificate is used for all HTTPS repositories.

    • The certificate file must be named ca.crt.

  2. Configure the workspace exposure strategy:

    For Che deployed using a Helm Chart
    1. Clone the che project

    2. Go to deploy/kubernetes/helm/che directory

    3. Update the global.useGitSelfSignedCerts property. To do that, add the following option to the helm upgrade command:

      $ helm upgrade che -n che --set global.useGitSelfSignedCerts=true \
        --set global.ingressDomain=<kubernetes-cluster-domain> .

    On Minikube, substitute <kubernetes-cluster-domain> with $(minikube ip)

    For Che deployed using Operators

    Update the gitSelfSignedCert property. To do that, execute:

    $ oc patch checluster eclipse-che -n default --type=json \
      -p '[{"op": "replace", "path": "/spec/server/gitSelfSignedCert", "value": true}]'
  3. Create and start a new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The repository’s .git/config file contains information about the Git server host (its URL) and the path to the certificate in the http section (see Git documentation about git-config). For example:

    [http ""]
            sslCAInfo = /etc/che/git/cert/ca.crt