Skip to content

Self Hosted with Self-signed certificate.

I was able to mirror this project to our self-hosted instance. That instance has an internally signed ssl certificate.

I was able to get these components (and the cli scripts) to trust our certificate. I was able to do it using before_script like below.

My question is: Is this the right way to do it with these components? Is there a better way to do it?

---
include:
  - component: $CI_SERVER_FQDN/components/opentofu/validate-plan-apply@~latest
    inputs:
      post_mr_plan_comment: true

stages: [validate, build, deploy]

# Needed for our self-signed certificate to be trusted
# https://docs.gitlab.com/ee/ci/yaml/#ssl-verification
before_script:
  - echo "Trust our SSL certificate"
  - apk --no-cache add ca-certificates openssl && update-ca-certificates
  - openssl s_client -connect ${CI_SERVER_FQDN}:443 -servername ${CI_SERVER_FQDN} -showcerts </dev/null 2>/dev/null | openssl x509 -text -certopt no_header,no_pubkey,no_subject,no_issuer,no_signame,no_version,no_serial,no_validity,no_extensions,no_sigdump,no_aux,no_extensions > /usr/local/share/ca-certificates/$CI_SERVER_FQDN.crt
  - update-ca-certificates