4

So I'm trying to set up GitLab with HTTPS on my server. Sounds simple right?

Well...

I'm kind of using a self signed certificate. And not necessarily just a self signed certificate either. I have a root certificate installed on my system (running Ubuntu 15.04, both in the /etc/ssl/certs folder and in the ca-certificates.crt file in /etc/ssl/certs. I have an intermediate certificate and a server certificate that I'm using for HTTPS on my server. However, I can't seem to get OAUTH to work from GitLab CI. After I press authorize from my GitLab account on my server, I get a 500 error that says "We're sorry, something went wrong." In the logs, I get this error:

Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed): app/controllers/user_sessions_controller.rb:18:in `callback'

I can't seem to figure out what is causing this issue. I'm running a certificate chain for the webserver, I get an A on the Qualys SSLLabs Test, the SSL Doctor Ruby application that I've been seeing in my search for a solution finds no problems with my certificate chain. At this point, I'm completely clueless as to what may be causing this error. Can anybody help me sort this out?

Improve this question
0

2 Answers 2

Reset to default
3

On Gitlab 8.0 OmniBus CE

I first had to convert my .pfx file to .key [PEM] and .crt -> Details

Create the .key file with PEM format

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

Create the .crt file

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

Change the gitlab.rb file

sudo nano /etc/gitlab/gitlab.rb

Based on the Omnibus configuration, change or uncomment the following lines:

external_url "https://gitlab.example.com"

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.belley.net.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.belley.net.key"

Prior version 8.0

ci_external_url "https://ci.example.com"
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

@Alegrowin thank you, that helped me a lot!

Just to make sure, for other people. You have also to reconfigure and restart Gitlab.

sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.