GitLab TLS - Asmaa Hassan

module-name: "TLS SSL"
area: "Core Technologies"
maintainers:
  - faleksic

Overview

Goal: Set a clear path for GitLab TLS / SSL expert training

Objectives: At the end of this module, you should be able to:

  • Understand the basics of how SSL works.
  • Understand how GitLab interacts with SSL.
  • Feel comfortable troubleshooting GitLab SSL issues.

Stage 0: Create and commit to the module

  1. Create an issue using this template by making the Issue Title: GitLab TLS -
  2. Add yourself and your trainer as the assignees.
  3. Notify your manager to let them know you've started.
  4. Commit to this by notifying the current experts that they can start routing non-technical GitLab TLS questions to you.
  5. Optional: Set a milestone, if applicable, and a due date to help motivate yourself!

Stage 1: Become familiar with how SSL works

  • Done with Stage 1
  1. Read SSL Documentation
    1. Read What is SSL?
    2. Read What is an SSL certificate?
    3. Read What is a SAN certificate?
    4. Read What is a certificate authority?
    5. Read What is the difference between a self-signed certificate and a trusted CA signed certificate?
  2. (Optional) Practice generating SSL certificates
    1. Generate a private key
    2. Create a Certificate Signing Request
    3. Self-sign Certificates
  3. Read GitLab Documentation
    1. Read NGINX settings
    2. Read SSL Configuration
    3. Read Runner SSL documentation

Stage 2: Technical setup

  • Done with Stage 2
  1. Familiarize yourself with the Common SSL Errors documentation page.
  2. Configure SSL for GitLab using the Let's Encrypt integration.
  3. Configure SSL for GitLab using a self-signed certificate.
  4. Configure GitLab to trust a self-signed certificate.
  5. Configure GitLab to trust a certificate chain.
  6. Configure a Runner to trust a self-signed certificate.
  7. Configure a Runner to trust a certificate chain.

Stage 3: Working with GitLab and SSL

  • Done with Stage 3

Remember to contribute to any documentation that needs updating.

  1. Look for 10 old SSL-related tickets and read through them to understand what the issues were and how they were addressed. Paste the links here.
    1. __
    2. __
    3. __
    4. __
    5. __
    6. __
    7. __
    8. __
    9. __
    10. __
  2. Answer 5 SSL-related tickets and paste the links here. Do this even if a ticket seems too advanced for you to answer. Find the answers from an expert and relay them to the customers.
    1. __
    2. __
    3. __
    4. __
    5. __

Stage 4: Pair on Customer Calls (Optional)

  • Done with Stage 4
  1. Pair on up to two Customer Calls, where a customer is having trouble with SSL.
    1. call with ___
    2. call with ___

Stage 5: Quiz

  • Done with Stage 5

Schedule a call with a TLS SSL Expert (search for SSL). During this call, you will guide them through the following:

  1. Clone the support-training project, as it contains the files needed for the next steps in the content/TLS SSL folder.
    1. Print the Subject Alternative Name(s) that the example.crt SSL certificate covers.
    2. Given the files example-1.key and example-2.key, determine which one belongs to the example.crt file (relevant troubleshooting page).
  2. Print the validity time period for the gitlab.com SSL certificate.
  3. Print the certificate chain for the gitlab.com SSL certificate.
  4. Given the error fatal: unable to access 'https://.git. : SSL certificate problem: unable to get local issuer certificate - name the cause and any possible solutions (hint: SSL Troubleshooting documentation page).
  5. Once you have completed this, have the expert comment below acknowledging your success.

Penultimate stage: Review

Any updates or improvements needed? If there are any dead links, out-of-date or inaccurate content, or missing content, whether in this module or in other documentation, list them below as tasks for yourself! Once ready, have a maintainer or manager review.

  1. Update ...

Final stage: Completion

  1. Manager: schedule a call (or integrate into 1:1) to review how the module went.
  2. Have your trainer review your tickets and assessment. If you do not have a trainer, ask an expert to review.
  3. Submit an MR to update modules and knowledge_areas in your Support Team yaml file with this training module's topic. You will now be listed as a GitLab SSL Expert on the Skills by Person page.
Edited by Asmaa Hassan