CentOS 7 - Gitlab runner register - self-signed certs - x509: certificate signed by unknown authority
Hi,
I've installed Gitlab CE and gitlab runner via omnibus. (installed in /opt/gitlab) I've disabled the embedded nginx to use mine (I already had one running).
I've created my self-signed certs using the following bash command:
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:4096 -keyout ca.key -out ca.crt
That I can use directly in nginx for my own services.
I've noticed it is an issue that comes back regularly here, but I all the solutions that I found and tried didn't work for me:
- copied my ca.cert at the folder path
/home/gitlab-runner/data/certs/ca.crt
- added to
/etc/gitlab-runner/config.toml
these variables :SSL_KEY_PATH="/etc/nginx/ssl/gitlab/ca.key" CA_CERTIFICATES_PATH="/etc/nginx/ssl/gitlab/ca.crt"
- created a hash-based symlink of the ca.crt using this script (https://www.madboa.com/geek/openssl/#verify-new) in
/opt/gitlab/embedded/ssl/certs
and when I use the command gitlab-ci-multi-runner register
I get the x509: certificate signed by unknown authority
error.
Is there a way to tell (I don't know like a --selfsigned flag) the runner not to verify the authority for the self-sign cert ? Has someone been able to use self-sign certs for the gitlab runners ? are my certs properly generated for it to work ? Is there a simple tutorial somewhere that would provide the necessary steps to do it ?
Thank you in advance for you answers.