CA certificate

Hi,

I recently update to GitLab 12.5.3 and renew the cert.
Then my user unable to connect to repository due to server certificate verification failed.

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Can’t figure it out

Hi,

you can manually test the server certificate, e.g. with

openssl s_client -connect gitlabserverfqdn:443

Also, please print the server’s certificate and verify that it is signed by the CA chain.

openssl x509 -in /path/to/gitlabserverfqdn.crt -text

openssl verify -verbose -CAfile /etc/ssl/certs/ca-certificates.crt path/to/gitlabserverfqdn.crt

Also, you should check whether the ca-certificates package is uptodate. Can you share insights on your system, e.g. with

cat /etc/os-release

For Ubuntu/Debian, the following may help:

apt-get install apt-transport-https ca-certificates
update-ca-certificates

Here’s some docs for a project I help maintain, which also uses TLS certificates. Might help with troubleshooting.

Cheers,
Michael

1 Like
     Icon name: computer-vm
       Chassis: vm
    Machine ID: 2422ae776206456cbe9fbfa743d09a8b
       Boot ID: 33d4b89bcf42487080f5d27ee8522685
Virtualization: xen

Operating System: Red Hat Enterprise Linux Server 7.7 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.7:GA:server
Kernel: Linux 3.10.0-1062.1.1.el7.x86_64
Architecture: x86-64

We still failed to connect repository : command “git ls-remote -h https:gitlab,okbc.my/url.git HEAD” returned status code 128: stdout:
stderr: fatal: unable to access "git ls-remote -h https:gitlab,okbc.my/url.git/’: server certifictaer verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

Please print the full output of the certificate commands I provided above, and post it here. Otherwise further analysis is near to impossible.

Cheers,
Michael