GitLab TLS - Kael Oisinson
module-name: "TLS SSL"
area: "Core Technologies"
maintainers:
- faleksic
Overview
Goal: Set a clear path for GitLab TLS / SSL expert training
Objectives: At the end of this module, you should be able to:
- Understand the basics of how SSL works.
- Understand how GitLab interacts with SSL.
- Feel comfortable troubleshooting GitLab SSL issues.
Stage 0: Create and commit to the module
-
Create an issue using this template by making the Issue Title: GitLab TLS - -
Add yourself and your trainer as the assignees. -
Notify your manager to let them know you've started. -
Commit to this by notifying the current experts that they can start routing non-technical GitLab TLS questions to you. -
Optional: Set a milestone, if applicable, and a due date to help motivate yourself!
Stage 1: Become familiar with how SSL works
-
Done with Stage 1
-
Read SSL Documentation -
(Optional) Practice generating SSL certificates -
Read GitLab Documentation -
Read NGINX settings -
Read SSL Configuration -
Read Runner SSL documentation
-
Stage 2: Technical setup
-
Done with Stage 2
-
Familiarize yourself with Common SSL Errors documentation page. -
Configure SSL for GitLab using the Let's Encrypt integration. -
Configure SSL for GitLab using a self-signed certificate. -
Configure GitLab to trust a self-signed certificate. -
Configure GitLab to trust a certificate chain. -
Configure a Runner to trust a self-signed certificate. -
Configure a Runner to trust a certificate chain.
Stage 3: Working with GitLab and SSL
-
Done with Stage 3
Remember to contribute to any documentation that needs updating.
-
Look for 10 old SSL-related tickets and read through them to understand what the issues were and how they were addressed. Paste the links here. -
__ -
__ -
__ -
__ -
__ -
__ -
__ -
__ -
__ -
__
-
-
Answer 5 SSL-related tickets and paste the links here. Do this even if a ticket seems too advanced for you to answer. Find the answers from an expert and relay them to the customers. -
__ -
__ -
__ -
__ -
__
-
Stage 4: Pair on Customer Calls (Optional)
-
Done with Stage 4
-
Pair on up to two Customer Calls, where a customer is having trouble with SSL. -
call with ___ -
call with ___
-
Stage 5: Quiz
-
Done with Stage 5
Schedule a call with a TLS SSL Expert (search for SSL
). During this call, you will guide them through the following:
-
Clone the support-training project as it contains files needed for next steps in the content/TLS SSL
folder.-
Print the Subject Alternative Name(s) that the example.crt
SSL certificate covers. -
Given the files example-1.key
andexample-2.key
, determine which one belongs to theexample.crt
file (relevant troubleshooting page)
-
-
Print the validity time period for the gitlab.com
SSL certificate -
Print the certificate chain for the gitlab.com
SSL certificate -
Given the error fatal: unable to access 'https://.git. : SSL certificate problem: unable to get local issuer certificate
- name the cause and any possible solutions (hint: SSL Configuration documentation page). -
Once you have completed this, have the expert comment below acknowledging your success.
Penultimate stage: Review
Any updates or improvements needed? If there are any dead links, out of date or inaccurate content, missing content whether in this module or in other documentation, list it below as tasks for yourself! Once ready, have a maintainer or manager review.
-
Update ...
Final stage: Completion
-
Manager: schedule a call (or integrate into 1:1) to review how the module went. -
Have your trainer review your tickets and assessment. If you do not have a trainer, ask an expert to review. -
Submit a MR to update modules
andknowledge_areas
in your Support Team yaml file with this training module's topic. You will now be listed as GitLab SSL Expert on Skills by Person page.
Edited by Kael Oisinson