Trying to import from Bitbucket using a custom CA

bdodds · July 24, 2023, 1:00pm

Hello all, wondering if someone might have an idea on how to fix my issue. I’m trying to import from Bitbucket, but we use our own CA here, so the cert used looks self-signed. So when importing, I get the error Unable to connect to server: SSL_connect returned=1 errno=0 peeraddr=x.x.x.x:443 state=error: certificate verify failed (unable to get issuer certificate)

I’ve tried a number of things after searching around, but nothing seems to want to work. I added the CA cert to the system, I added it to a few directories that were recommended, but nothing. I couldn’t find anything in gitlab.rb that looked promising. Any ideas? Many thanks!

I’m running 16.1 right now. Among other things I’ve forgotten, I’ve most recently tried adding the Bitbucket server cert and CA to /etc/gitlab/trusted-certs, and they are linked from /opt/gitlab/embedded/ssl/certs/.

bdodds · July 24, 2023, 1:07pm

Forgot to mention, if I use openssl s_client to connect to my Bitbucket server it returns the server cert and the CA, so that side appears to be working properly.

balonik · July 24, 2023, 3:29pm

I guess you are using Omnibus rpm/deb installation.
It’s been a while, but if I remember right, if you have adjusted system CA bundle you need to restart GitLab.
Also make sure you add the complete path to the systems CA bundle, not just root CA cert.