TechQA.

Adding A Certificate Authority in GitLab?

4.3k views Asked by At

So I'm trying to set up GitLab with HTTPS on my server. Sounds simple right?

Well...

I'm kind of using a self signed certificate. And not necessarily just a self signed certificate either. I have a root certificate installed on my system (running Ubuntu 15.04, both in the /etc/ssl/certs folder and in the ca-certificates.crt file in /etc/ssl/certs. I have an intermediate certificate and a server certificate that I'm using for HTTPS on my server. However, I can't seem to get OAUTH to work from GitLab CI. After I press authorize from my GitLab account on my server, I get a 500 error that says "We're sorry, something went wrong." In the logs, I get this error:

Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed): app/controllers/user_sessions_controller.rb:18:in `callback'

I can't seem to figure out what is causing this issue. I'm running a certificate chain for the webserver, I get an A on the Qualys SSLLabs Test, the SSL Doctor Ruby application that I've been seeing in my search for a solution finds no problems with my certificate chain. At this point, I'm completely clueless as to what may be causing this error. Can anybody help me sort this out?

ubuntu ssl https gitlab gitlab-ci
Original Q&A
2

There are 2 answers

0
Alegrowin On

On Gitlab 8.0 OmniBus CE

I first had to convert my .pfx file to .key [PEM] and .crt -> Details

Create the .key file with PEM format

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

Create the .crt file

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

Change the gitlab.rb file

sudo nano /etc/gitlab/gitlab.rb

Based on the Omnibus configuration, change or uncomment the following lines:

external_url "https://gitlab.example.com"

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.belley.net.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.belley.net.key"

Prior version 8.0

ci_external_url "https://ci.example.com"
0
Stanislav Seifert On

@Alegrowin thank you, that helped me a lot!

Just to make sure, for other people. You have also to reconfigure and restart Gitlab.

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

Related Questions in UBUNTU

Related Questions in SSL

Related Questions in HTTPS

Related Questions in GITLAB

Related Questions in GITLAB-CI

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions