Skip to content
GitLab Next
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • gitlab-workhorse gitlab-workhorse
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 0
    • Issues 0
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

Scheduled maintenance on the database layer will take place on 2022-07-02. We expect GitLab.com to be unavailable for up to 2 hours starting from 06:00 UTC. Kindly follow our status page for updates and read more in our blog post.

  • GitLab.org
  • gitlab-workhorsegitlab-workhorse
  • Issues
  • #177
Closed
Open
Created Jul 24, 2018 by kumy@kumy1

Git-LFS and custom Certificates Authority - x509: certificate signed by unknown authority

We're trying to use a minio instance as a backend for git-lfs. Our minio instance is served over https with a certificate signed by our internal CA. We have instructed our gitlab deployment to use our CA using documentation https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-certificate-authorities. Our CA is well listed in the /opt/gitlab/embedded/ssl/certs/ folder. We have successfully triggered some webhooks to some other services using the same CA - with SSL verification enabled.

However, when gitlab-workhorse execute the handleStoreLFSObject it fails with "x509: certificate signed by unknown authority".

How can we we instruct gitlab-workhorse to trust the same CA bundle as the rest of GitLab parts?

Sample logs:

time="2018-07-24T14:42:45+00:00" level=info msg="Processing LFS authentication" pid=22945 user="user with key key-89"
2018-07-24_14:42:45.60617 time="2018-07-24T14:42:45Z" level=error msg=error error="handleStoreLFSObject: copy body to tempfile: PUT request \"https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-17518-0009-0137-a555b4f11486f5e220132957e263044b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=[FILTERED]\": Put https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-17518-0009-0137-a555b4f11486f5e220132957e263044b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=77f2c3be9ecfed4d9f8fd899124701fc4bb44f3c2dc592f06cccebeea9cd90c8: x509: certificate signed by unknown authority" method=PUT uri=/xxx/test.git/gitlab-lfs/objects/a70ed522becc5fecc4ede2b8293327c2e4d733b3aeb38c68e1466fa895c6606b/38640
2018-07-24_14:42:45.73588 time="2018-07-24T14:42:45Z" level=error msg=error error="handleStoreLFSObject: copy body to tempfile: PUT request \"https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-1062-0040-5178-5d307e57a88be2ab42382202929af06b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/xxx/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=[FILTERED]\": Put https://gitlab-minio.xxx.fr/lfs-objects/tmp/uploads/1532443365-1062-0040-5178-5d307e57a88be2ab42382202929af06b?X-Amz-Expires=15300&X-Amz-Date=20180724T144245Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=xxx/20180724/sophia/s3/aws4_request&X-Amz-SignedHeaders=content-type%3Bhost&X-Amz-Signature=eab1e00436d89f0d46b745b1b81c8bddf5ad96500beae1f57e8e997f35a858ae: x509: certificate signed by unknown authority" method=PUT uri=/xxx/test.git/gitlab-lfs/objects/a70ed522becc5fecc4ede2b8293327c2e4d733b3aeb38c68e1466fa895c6606b/38640
  • GitLab version: 11.0.3-ee (f25aa33)
  • GitLab Workhorse: v4.3.1

Please let me know if you need for information.

Assignee
Assign to
Time tracking