Git-LFS and custom Certificates Authority - x509: certificate signed by unknown authority
We're trying to use a minio instance as a backend for git-lfs. Our minio instance is served over https with a certificate signed by our internal CA. We have instructed our gitlab deployment to use our CA using the documentation at https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-certificate-authorities. Our CA is well listed in the /opt/gitlab/embedded/ssl/certs/ folder. We have successfully triggered some webhooks to some other services using the same CA - with SSL verification enabled.
However, when gitlab-workhorse executes the handleStoreLFSObject it fails with "x509: certificate signed by unknown authority".
How can we instruct gitlab-workhorse to trust the same CA bundle as the rest of GitLab parts?
Sample logs:
time="2018-07-24T14:42:45+00:00" level=info msg="Processing LFS authentication" pid=22945 user="user with key key-89"
2018-07-24_14:42:45.60617 time="2018-07-24T14:42:45Z" level=error msg=error error="handleStoreLFSObject: copy body to tempfile: PUT request \"https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-17518-0009-0137-a555b4f11486f5e220132957e263044b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=[FILTERED]\": Put https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-17518-0009-0137-a555b4f11486f5e220132957e263044b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=77f2c3be9ecfed4d9f8fd899124701fc4bb44f3c2dc592f06cccebeea9cd90c8: x509: certificate signed by unknown authority" method=PUT uri=/xxx/test.git/gitlab-lfs/objects/a70ed522becc5fecc4ede2b8293327c2e4d733b3aeb38c68e1466fa895c6606b/38640
2018-07-24_14:42:45.73588 time="2018-07-24T14:42:45Z" level=error msg=error error="handleStoreLFSObject: copy body to tempfile: PUT request \"https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-1062-0040-5178-5d307e57a88be2ab42382202929af06b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=[FILTERED]\": Put https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-1062-0040-5178-5d307e57a88be2ab42382202929af06b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/sophia/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=eab1e00436d89f0d46b745b1b81c8bddf5ad96500beae1f57e8e997f35a858ae: x509: certificate signed by unknown authority" method=PUT uri=/xxx/test.git/gitlab-lfs/objects/a70ed522becc5fecc4ede2b8293327c2e4d733b3aeb38c68e1466fa895c6606b/38640
- GitLab version: 11.0.3-ee (f25aa33)
- GitLab Workhorse: v4.3.1
Please let me know if you need more information.