Reputation: 701
Gitlab : Peer's certificate issuer has been marked as not trusted by the user
I have a on-prem gitlab where I am trying to run some builds/pipeline but getting the below error -
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.systems/testing/test-project-poc.git/': Peer's certificate issuer has been marked as not trusted by the user.
I have already looked into this - Gitlab:Peer's Certificate issuer is not recognized and followed the steps of obtaining the .pem file by merging the server certificate, intermediate certificate and root certificate but I am still getting the below error and really struggling to find the root cause.
/etc/gitlab/gitlab.rb config
##! enable/disable 2-way SSL client authentication
#nginx['ssl_verify_client'] = "off"
##! if ssl_verify_client on, verification depth in the client certificates chain
#nginx['ssl_verify_depth'] = "1"
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.systems.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.systems.key"
Is there any other configuration which i need to update/modify? Any guidance is really appreciated.
Upvotes: 6
Views: 19396
Answers (2)
Reputation: 915
I am guessing you are using a self signed certificate. If that is the case you have two options to rectify this issue:
Recommended option: Here again I assume that you have already solved the issue between the gitlab-runner and gitlab itself, hence you registered the runner successfully. So you have already the certificate file in /etc/gitlab-runner/certs. So on the server hosting the gitlab-runner, run the below command:
git config --system http.sslCAInfo /etc/gitlab-runner/certs/CERITIFICATE_NAME.crtThis is unsafe: Here you just disable the git https certificate verification:
git config --system http.sslverify false
Upvotes: 6
Reputation: 391
My /etc/gitlab-runner/certs/blablabl.cer had to have the complete chain/root as per https://docs.gitlab.com/runner/configuration/tls-self-signed.html - which is a little weird since the production server has the smaller one and works. Restarted the runner.
Upvotes: 0
Related Questions
- Gitlab:Peer's Certificate issuer is not recognized
- GITLAB SSL certificate problem: unable to get local issuer certificate
- gitlab-runner x509: certificate signed by unknown authority
- Gitlab fatal: unable to access '.......' SSL Certificate problem: unable to get issuer certificate
- Gitlab-Runner | x509: certificate signed by unknown authority
- gitlab k3s runner WARNING: Checking for jobs... failed x509: certificate signed by unknown authority
- gitlab runner - x509: certificate signed by unknown authority
- x509: certificate signed by unknown authority PANIC: Failed to register this runner
- fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.mydomain.com/xxx.git/': SSL certificate problem: unable to get issuer certificate
- gitlab Peer certificate cannot be authenticated with known CA certificates