We have our own SSL certificate issued by RapidSSL. They have given us the intermediate and root CA certificates, and we have created the combined certificate for GitLab as follows:
cat server.cer intermediate.crt root.crt > server.crt
We then put that file and the private key (without the passphrase in it) under /etc/gitlab/ssl and /etc/gitlab/trusted-certs, and configured /etc/gitlab/gitlab.rb according to the GitLab SSL docs. Then we reconfigured GitLab and restarted.
When we run "echo | /opt/gitlab/embedded/bin/openssl s_client -connect :443, we get the error “Verify return code: 21 (unable to verify the first certificate)”. The docs say that the certificate order is incorrect, but I’m putting them in the stated order.