Hello Gitlab Community and Happy New Year. I am in need of assistance with configuring SSL for Gitlab on my Linux machine. I am not looking to use “Let’s Encrypt” for this task, but instead I am looking to configure HTTPS manually.
Based on the instruction provided here, I am looking to copy and paste my key and certificate in the “/etc/gitlab/ssl” location. However, how would I go about creating the .key file for gitlab? I already have a .cer file that was provided to me when I requested a .cer file from my PKI team for another application that is on the same server.
Hello @iwalker, thanks for the reply back. Can I use Java Keystores for SSL configuration for gitlab? I don’t see mention of Java KeyStores in the gitlab docs. Most apps can use Java KeyStores (JKS) for SSL settings, but rarely some need to just point to the cert itself that resides in the .JKS.
On my instance, this file “«REDACTED»/embedded/ssl/certs/README” says:
This directory is managed by omnibus-gitlab.
Any file placed in this directory will be ignored.
Place certificates in /etc/gitlab/trusted-certs.
I put my enterprise cert files (Root and intermediate chain(s), cert, private key) in that folder and run gitlab-ctl reconfigure so it picks them up. That creates symlinks to the cert files.
So I finished with creating the .pem file that includes first the private key (.key), primary ssl certificate domain (.crt), 2 intermediate certificates (.crt), and the root certificate last (.crt). I also went ahead and edited the #nginx script on /etc/gitlab/gitlab.rb to this:
Once I completed this, I then used gitlab-ctl start to start the program and then opened new windows and inputted the https address. However, it still comes out as an unsecured/not secured page. How can I fix this issue?
If it’s still unsecured, or not trusted by the web browser, this means one of two things:
Incorrect order when combining the certificate, intermediate and CA certificates.
If the certificate is generated by an internal CA, the CA certificate needs importing to the browser.
This is not a Gitlab problem now; this is the problem with one of the items above. Once that has been resolved, the problem will no longer be seen within the browser.
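One way to test for the first cause listed above (certificate order) with the openssl command line, extended here to also confirm that the private key belongs to the server certificate. This is an added example, not part of the original thread or of GitLab's tooling; the function names, file names and the throwaway demo CA built by make_demo_chain are assumptions made for illustration.

```shell
# Split a PEM file into one file per certificate ($2/cert-1.pem, cert-2.pem, ...).
# Non-certificate blocks (for example a private key) are skipped.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Return 0 when each certificate is issued by the one that follows it (leaf,
# intermediates, root); 1 on a break in the order; 2 if no certificate is found.
# Compares issuer/subject names only; `openssl verify` checks the signatures.
check_chain_order() {
    tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$tmp"
    [ -f "$tmp/cert-1.pem" ] || { rm -rf "$tmp"; return 2; }
    i=1; rc=0
    while [ -f "$tmp/cert-$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
        next=$(openssl x509 -in "$tmp/cert-$((i + 1)).pem" -noout -subject_hash)
        [ "$issuer" = "$next" ] || { echo "cert $i is not issued by cert $((i + 1))" >&2; rc=1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Return 0 when the private key in $2 belongs to the first certificate in $1.
check_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway root CA and a leaf it signs (made-up names),
# written to directory $1 together with a correctly and a wrongly ordered bundle.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gitlab.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null &&
    cat "$d/leaf.crt" "$d/root.crt" > "$d/good.pem" &&
    cat "$d/root.crt" "$d/leaf.crt" > "$d/bad.pem"
}
```

Run check_chain_order against the combined certificate file and check_key_matches against that file and the .key file before restarting the service.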