CentOS 7 - Gitlab runner register - self-signed certs - x509: certificate signed by unknown authority

Hi,

I've installed Gitlab CE and gitlab runner via omnibus. (installed in /opt/gitlab) I've disabled the embedded nginx to use mine (I already had one running).

I've created my self-signed certs using the following bash command:

    openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:4096 -keyout ca.key -out ca.crt

which I can use directly in nginx for my own services.

I've noticed it is an issue that comes back regularly here, but all the solutions that I found and tried didn't work for me:

  • copied my ca.cert at the folder path /home/gitlab-runner/data/certs/ca.crt
  • added to /etc/gitlab-runner/config.toml these variables: SSL_KEY_PATH="/etc/nginx/ssl/gitlab/ca.key" CA_CERTIFICATES_PATH="/etc/nginx/ssl/gitlab/ca.crt"
  • created a hash-based symlink of the ca.crt using this script (https://www.madboa.com/geek/openssl/#verify-new) in /opt/gitlab/embedded/ssl/certs

and when I use the command gitlab-ci-multi-runner register I get the x509: certificate signed by unknown authority error.

Is there a way to tell (I don't know, like a --selfsigned flag) the runner not to verify the authority for the self-signed cert? Has someone been able to use self-signed certs for the gitlab runners? Are my certs properly generated for it to work? Is there a simple tutorial somewhere that would provide the necessary steps to do it?

Thank you in advance for your answers.
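
The certificate and the hash-based symlink step described in the post can be checked from the OpenSSL side as follows. This is an added example, not part of the original post: the CN value, the 2048-bit key and the function names are assumptions, and it shows only what openssl verify accepts for a given certificate directory, not what the runner itself trusts.

```shell
#!/usr/bin/env bash
# Added example: OpenSSL-side checks for the self-signed cert from the post.

# make_cert DIR CN: the post's command, made non-interactive with -subj.
# The CN is a constructed value; rsa:2048 (not 4096) only keeps the demo quick.
make_cert() {
  openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# is_self_signed CERT: true when subject and issuer names hash to the same value.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# hash_link CERT DIR: create the <subject_hash>.0 symlink that OpenSSL looks up
# in a CApath directory and print the link name.
# (A second cert with the same hash would need .1, .2, ... instead of .0.)
hash_link() {
  local h abs
  h=$(openssl x509 -in "$1" -noout -hash) || return 1
  abs="$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
  ln -sf "$abs" "$2/$h.0" && echo "$h.0"
}

# trusted_via_dir CERT DIR: does `openssl verify` accept CERT with DIR as CApath?
trusted_via_dir() {
  openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Usage: script.sh /path/to/ca.crt /path/to/hashed-cert-dir
if [ "$#" -eq 2 ]; then
  is_self_signed "$1" && echo "self-signed: yes" || echo "self-signed: no"
  trusted_via_dir "$1" "$2" && echo "trusted via $2: yes" || echo "trusted via $2: no"
fi
```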