I follow the link to enable ssl client certificate, but I can’t make it work in git client, I got fatal: unable to access ‘https://xxxx/xxxx/xxxx.git/’: The requested URL returned error: 400, I did configured. http.sslcert,http.sslkey,http.sslcainfo in git config --global, anything I missed?
yea, works well -Technicaly gitlab doesnt but nginx does.
This is just a basic example but it should get you somewhere.
I use this cind of stettings on my internal test server.
When you want to use the certificates with a runner or a registery edit first your CA settings - when you do so - be shure to edit the right patrt - in this case [ v3_ca ]
Thanks @Underknowledge, I did follow a similar guide in creating the self-signed server/client ssl key pairs.
After doing some research about enable 2 way SSL on nginx, I found out I made a mistake in configuring it, which is the nginx[‘ssl_client_certificate’], it should put the self-signed CA.crt, but I used the client.crt before, so I got the 400 error, after correct this, I have no problem to run git command using the same http.sslcert,http.sslkey,http.sslcainfo setting in git config --global.
Any reason why ssh over https? Seems like to me both it’s encrypted should provide same level of security, seems github recommend https for the benefit of 2FA
Mostly just personal preference. I got my YubiKey always with me on my keychain, but not my KeePass file wich would contain the paswords.
as far as I can tell they recommend HTTPS that they don’t have to document ssh-agent and :22 might be blocked by firewalls 乁(ᴗ ͜ʖ ᴗ)ㄏ