SSL in GitLab CE 13

We have our own SSL certificate issued by RapidSSL. They have given us the intermediate and root CA certificates, and we have created the combined certificate for GitLab as follows:

cat server.cer intermediate.crt root.crt > server.crt

We then put that file and the private key (without the passphrase in it) under /etc/gitlab/ssl and /etc/gitlab/trusted-certs, and configured /etc/gitlab/gitlab.rb according to the GitLab SSL docs. Then we reconfigured GitLab and restarted.

When we run "echo | /opt/gitlab/embedded/bin/openssl s_client -connect :443, we get the error “Verify return code: 21 (unable to verify the first certificate)”. The docs say that the certificate order is incorrect, but I’m putting them in the stated order.

Any help?
Harry

Hi,

I’m not sure, but it could make a difference with the file ending - since you merged the certificates into a bundle, use .pem instead of .crt. This should make SSL/Nginx aware that you are providing more than one certificate.

Cheers,
Michael