Support for internal CAs for signing commits on GitLab.com (SaaS)

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

<TBD after direction is decided, see proposals below>

Problem to solve

GitLab supports use of X.509 user certificates to sign commits. However, this requires that GitLab as an instance trusts the certificate's chain at the instance level (not configurable per-group).

On GitLab.com the instance level configuration is unavailable to users. For customers that use an internal CA customizing the trusted cert chains on GitLab.com deployment isn't an option (administration isn't permitted).

Proposal

For GitLab.com (SaaS) we'll need to either:

1. Offer a way to support and manage custom internal CAs at group/namespace levels (or,)
2. Document limitations and disable X.509 support for GitLab.com users, offering only GPG as an option