Cannot integrate mattermost (standalone) with our GitLab instance

Hi!

We are currently facing an issue trying to integrate a standalone Mattermost instance with GitLab. We did a similar setup on a QA environment and it was working... However, when trying to do this on PROD it fails.

We are currently running 11.1.2-ee

Used procedure:

We received a p12 for Mattermost
We converted the p12 to a .crt
We added the CRT content to our GitLab instance (under /etc/pki/tls/certs/ca-bundle.crt )
We reconfigured and restarted GitLab instance

Of course a former stage was to create the webhook at both Mattermost & GitLab side so the integration could happen properly.

Actually, trying to test the connection gives:

Started PUT "/root/mattermost-integration/services/mattermost/test" for 10.213.172.177 at 2019-05-08 16:50:16 +0200 Processing by Projects::ServicesController#test as JSON Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "service"=>{"active"=>"1", "push_events"=>"1", "push_channel"=>"", "issues_events"=>"1", "issue_channel"=>"", "confidential_issues_events"=>"1", "confidential_issue_channel"=>"", "merge_requests_events"=>"1", "merge_request_channel"=>"", "note_events"=>"1", "note_channel"=>"", "confidential_note_events"=>"1", "confidential_note_channel"=>"", "tag_push_events"=>"1", "tag_push_channel"=>"", "pipeline_events"=>"1", "pipeline_channel"=>"", "wiki_page_events"=>"1", "wiki_page_channel"=>"", "webhook"=>"[FILTERED]", "username"=>"Mattermost QA", "notify_only_broken_pipelines"=>"0", "notify_only_default_branch"=>"0"}, "namespace_id"=>"root", "project_id"=>"mattermost-integration", "id"=>"mattermost"} Completed 500 Internal Server Error in 312ms (ActiveRecord: 18.3ms | Elasticsearch: 0.0ms)

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed): /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in connect_nonblock' /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in ssl_socket_connect' /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/http.rb:948:in connect' /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/http.rb:887:in do_start' /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/http.rb:876:in start' /appl/gitlc00/gitlab-opt/embedded/lib/ruby/2.4.0/net/http.rb:1407:in request' app/models/project_services/chat_notification_service.rb:98:in notify' app/models/project_services/chat_notification_service.rb:74:in execute' app/models/service.rb:160:in test' app/controllers/projects/services_controller.rb:39:in service_test_response' app/controllers/projects/services_controller.rb:28:in test' lib/gitlab/i18n.rb:51:in with_locale' lib/gitlab/i18n.rb:57:in with_user_locale' app/controllers/application_controller.rb:370:in set_locale' lib/gitlab/middleware/multipart.rb:97:in call' lib/gitlab/request_profiler/middleware.rb:14:in call' ee/lib/gitlab/jira/middleware.rb:15:in call' lib/gitlab/middleware/go.rb:17:in call' lib/gitlab/etag_caching/middleware.rb:11:in call' lib/gitlab/middleware/read_only/controller.rb:38:in call' lib/gitlab/middleware/read_only.rb:16:in call' lib/gitlab/request_context.rb:18:in call' lib/gitlab/metrics/requests_rack_middleware.rb:27:in call' lib/gitlab/middleware/release_env.rb:10:in call'

It looks like it's a certificate issue but we're not able to understand what's happening in there. Why this worked for the QA ?

Any idea ?

Thanks a lot!