So there I was, ready to pull down a GitHub repo and get to work finishing a recent blog. I typed in the familiar command:

git clone https://github.com/sbkuehn/transit-routing-vnet-peer.git

And what does Git give me back?

fatal: unable to access 'https://github.com/sbkuehn/transit-routing-vnet-peer.git/': 
SSL certificate problem: unable to get local issuer certificate

Lovely. Nothing like a random SSL error on Windows (I know, I know...I should just get a Mac already).

Why This Happens

Git is trying to make a secure connection to GitHub over HTTPS. That requires validating GitHub’s SSL certificate against a list of trusted authorities. If Git can’t find a certificate chain it trusts, you get the “unable to get local issuer certificate” error.

On Windows, the culprit is usually one of these:

• Git for Windows is using its own old CA (Certificate Authority) bundle instead of Windows’ certificate store.

• You are behind a corporate proxy that injects its own certificate.

• Or your Git install is simply outdated.

  
  

The Quick Fix on Windows

The fastest and cleanest way to fix this is to make Git use Windows’ built-in certificate store. That way, it trusts the same root certs that Chrome, Edge, or PowerShell already trust.

Here’s the magic command:

git config --system http.sslBackend schannel

What this does: it tells Git, “Hey, stop using that outdated ca-bundle.crt file and just trust what Windows trusts.”

After that, try cloning again:

git clone https://github.com/sbkuehn/transit-routing-vnet-peer.git

No errors. No drama. Just code.

Quick and Dirty Test (Not Permanent)

If you want to confirm that the SSL error is the problem, you can temporarily disable SSL verification:

git config --global http.sslVerify false

Now cloning will work, but you are bypassing certificate validation entirely. That is fine for a quick test on your home lab, but never leave it that way. Turn it back on as soon as you confirm:

git config --global http.sslVerify true

Long Term: Keep Git Updated

If you are running an older version of Git for Windows, you are asking for trouble (p.s. I was in trouble). Update to the latest from git-scm.com/download/win. The newer builds already handle certificates better.

Final Thoughts

SSL errors look scarier than they really are. On Windows, the schannel fix is the one-liner that saves you hours of frustration. It aligns Git with the certificates your OS already trusts and saves you from messing with CA files manually.

Next time you hit that dreaded “unable to get local issuer certificate” error, don’t panic. Just teach Git to trust what Windows already knows.

Problem solved. Now on to the next problem (or solution)!