I’m trying to use gitlab-runner with TLS client authentication using –tls-cert-file and –tls-key-file options:
gitlab-runner --debug register --tls-cert-file mycert.pem --tls-key-file mykey.key -r rxxxxtokenxxx -u https://my.gitlab.org/gitlab --name sorin-macos-test --tag-list some-tag --executor shell
but on the Apache reverse proxy doing the certificate authentication I’m getting errors like:
AH02261: Re-negotiation handshake failed SSL Library Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate -- No CAs known to server for verification?
which indicates the gitlab-runner is not sending a client TLS certificate.
If I disable the client TLS authentication on Apache rev proxy it works just fine.
Same certificate and key are working to clone or access on Web UI of same Gitlab server without any issues.
If I set inexistent cert or key files I don’t get any err, but if one of them is a directory, I’m getting err:
Trying to load mycert.pem and mykey.key pair... ERROR: Failed to load [...]
as expected according to https://gitlab.com/gitlab-org/gitlab-runner/blob/master/network/client.go#L131
I reproduced same behaviour on MacOS Mojave 10.14.3 and docker runner gitlab/gitlab-runner:latest
Many thanks in advance for your help !