TechQA.

Gitlab : Peer's certificate issuer has been marked as not trusted by the user

16.9k views Asked by At

I have a on-prem gitlab where I am trying to run some builds/pipeline but getting the below error -

fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.systems/testing/test-project-poc.git/': Peer's certificate issuer has been marked as not trusted by the user.

I have already looked into this - Gitlab:Peer's Certificate issuer is not recognized and followed the steps of obtaining the .pem file by merging the server certificate, intermediate certificate and root certificate but I am still getting the below error and really struggling to find the root cause.

/etc/gitlab/gitlab.rb config

##! enable/disable 2-way SSL client authentication
#nginx['ssl_verify_client'] = "off"

##! if ssl_verify_client on, verification depth in the client certificates chain
#nginx['ssl_verify_depth'] = "1"

nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.systems.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.systems.key"

Is there any other configuration which i need to update/modify? Any guidance is really appreciated.

gitlab gitlab-ci-runner gitlab-omnibus
Original Q&A
2

There are 2 answers

0
mal On

My /etc/gitlab-runner/certs/blablabl.cer had to have the complete chain/root as per https://docs.gitlab.com/runner/configuration/tls-self-signed.html - which is a little weird since the production server has the smaller one and works. Restarted the runner.

2
andykandev On

I am guessing you are using a self signed certificate. If that is the case you have two options to rectify this issue:

  1. Recommended option: Here again I assume that you have already solved the issue between the gitlab-runner and gitlab itself, hence you registered the runner successfully. So you have already the certificate file in /etc/gitlab-runner/certs. So on the server hosting the gitlab-runner, run the below command:

    git config --system http.sslCAInfo /etc/gitlab-runner/certs/CERITIFICATE_NAME.crt

  2. This is unsafe: Here you just disable the git https certificate verification:

    git config --system http.sslverify false

Related Questions in GITLAB

Related Questions in GITLAB-CI-RUNNER

Related Questions in GITLAB-OMNIBUS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions