Share via


How to Stop Mercurial from Complaining about SSL Cert Fingerprints

I know Mercurial is just trying to be friendly and warn me that it doesn’t know if certain SSL certs are valid or not (though I wish they’d just use the Windows cert repository when on the Microsoft platform), but the little nag warnings like…

“warning: hg.codeplex.com certificate with fingerprint 1c:ef:1d:4f:55:57:5b:8c:ab:78:a1:72:2c:d2:1b:56:fd:64:03:19 not verified (check hostfingerprints or web.cacerts config setting)”

…are a bit monotonous.

And they’re probably supposed to be.  However, it is pretty simple to get rid of such warnings.  All you need to do is edit your mercurial.ini file.  On Windows 7, this can be found at C:\users\[your account]\mercurial.ini.  Or, if you’re using TortoiseHg, Open “Files | Settings” and click the “Edit File” button in the upper right corner.  Then you just add the following two lines to that file:

[hostfingerprints]
hg.codeplex.com = 1c:ef:1d:4f:55:57:5b:8c:ab:78:a1:72:2c:d2:1b:56:fd:64:03:19

Of course, this example assumes you’re referencing the CodePlex repository.  All the data you need to add to the mercurial.ini file can be found in the warning message you get (bitbucket, etc.)