Integrations failing to function with SSL decryption
Summary
Our security team has installed certificates on our on premise servers and enabled SSL decryption out to the internet. As a result, our MS Teams integration appear to be failing. I've confirmed that the /opt/gitlab/embedded/ssl/certs/ca-bundle.crt
was updated correctly (it contains all root ca we need) and also ran gitlab-ctl reconfigure many times.
I've also tried copying the cert to /etc/gitlab/ssl/certs and /etc/gitlab/trusted-certs but neither of these worked either.
Steps to reproduce
Configure SSL decryption on your network going out to the internet
What is the current bug behavior?
After installing the certificate on the server (RHEL 8 ca-bundle.crt) I can curl our MS Teams webhook https://domain365.webhook.office.com/webhookb2/xxxxxxxxxxxxxxxxxxxxxxxxx without any problems, the certificate is trusted. When I attempt to trigger the webhook in Gitlab (create a wiki page) it fails.
What is the expected correct behavior?
We expect the webhook to be successful and trigger the notificatoin in MS teams
Relevant logs
gitlab-rails/application_json.log:{"severity":"INFO","time":"2021-06-14T17:22:19.847Z","correlation_id":"01F85RQ8N9EP7J7NY579F2NWWF","message":"MicrosoftTeams::Notifier: Error while connecting to https://domain365.webhook.office.com/webhookb2/xxxxxxxxxxxxxxxxxxxxxxxxx: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)"}
Details of package version
13.12.3