Hi,
I recently update to GitLab 12.5.3 and renew the cert.
Then my user unable to connect to repository due to server certificate verification failed.
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Can’t figure it out
Hi,
you can manually test the server certificate, e.g. with
openssl s_client -connect gitlabserverfqdn:443
Also, please print the server’s certificate and verify that it is signed by the CA chain.
openssl x509 -in /path/to/gitlabserverfqdn.crt -text
openssl verify -verbose -CAfile /etc/ssl/certs/ca-certificates.crt path/to/gitlabserverfqdn.crt
Also, you should check whether the ca-certificates package is uptodate. Can you share insights on your system, e.g. with
cat /etc/os-release
For Ubuntu/Debian, the following may help:
apt-get install apt-transport-https ca-certificates
update-ca-certificates
Here’s some docs for a project I help maintain, which also uses TLS certificates. Might help with troubleshooting.
Cheers,
Michael
Icon name: computer-vm
Chassis: vm
Machine ID: 2422ae776206456cbe9fbfa743d09a8b
Boot ID: 33d4b89bcf42487080f5d27ee8522685
Virtualization: xen
Operating System: Red Hat Enterprise Linux Server 7.7 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.7:GA:server
Kernel: Linux 3.10.0-1062.1.1.el7.x86_64
Architecture: x86-64
We still failed to connect repository : command “git ls-remote -h https:gitlab,okbc.my/url.git HEAD” returned status code 128: stdout:
stderr: fatal: unable to access "git ls-remote -h https:gitlab,okbc.my/url.git/’: server certifictaer verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Please print the full output of the certificate commands I provided above, and post it here. Otherwise further analysis is near to impossible.
Cheers,
Michael