I wanted to setup the Gitlab Omnibus Image registry on an on-premise system.
This is the config
- Ubuntu 20.04
- Gitlab 13.5.1
What I did until now
Installed the certificates in /etc/gitlab/ssl (key + crt)
The CRT contains what I think the chain of certificates (domain -> signing -> root = mycompany.com -> RapidSSL -> Digicert)
First enabled ssl on the gitlab instance and reconfigured it
Using the browser this works
Started to follow this procedure
Set the registry_external_url ‘https://gitlab.example.com:5050’ in gitlab rb to the correct domain (which is the same as the gitlab url but a different port = 5050)
Executed the command to verify
openssl s_client -showcerts -servername gitlab.example.com -connect gitlab.example.com:5050 > cacert.pem
-> server addressed obviously replaced with the correct ones
Getting these errors:
verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = *.mydomain.com verify error:num=21:unable to verify the first certificate verify return:1
So it looks like there’s something wrong with the chain of certificates. Any advice on how to resolve this?
Is it something on the OS level I need to change or did I chain the certs incorrectly?
Thanks in advance for any help, much appreciated!