Hi, we have Gitlab CE 8.12 loaded with a certificate from digicert.com. Digicert requires a chain or intermediate certificate.
The DigiCertSHA2HighAssuranceServerCA.crt.pem file which is provided by Digicert is loaded into the /etc/gitlab/trusted-certs/ and the system’s host certificate is loaded into /etc/gitlab/ssl/.
Using a browser to go to the site works without an issue, however DigiCert® SSL Installation Diagnostics Tool reports that:
The server is not sending the required intermediate certificate.
Recipe: gitlab::add_trusted_certs * directory[/etc/gitlab/trusted-certs] action create (up to date) * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date) * file[/opt/gitlab/embedded/ssl/certs/README] action create (up to date) * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs * Symlinking existing certificates found in /etc/gitlab/trusted-certs Skipping /etc/gitlab/trusted-certs/DigiCertSHA2HighAssuranceServerCA.crt.pem. - execute the ruby block Move existing certs and link to /opt/gitlab/embedded/ssl/certs
This is causing issues with other toolsets trying to integerate with Gitlab and in particular Gitlab CI.