Update CA certificate bundle (!4230) · Merge requests · GitLab.org / omnibus-gitlab

Stan Hu requested to merge sh-update-cacerts into master May 15, 2020

This hasn't been updated in over a year, and there are a few expired certificates in this trust chain.

Before

$ ls -al  /opt/gitlab/embedded/ssl/certs/cacert.pem
-rw-r--r-- 1 root root 221488 May  6 03:17 /opt/gitlab/embedded/ssl/certs/cacert.pem
$ openssl crl2pkcs7 -nocrl -certfile /opt/gitlab/embedded/ssl/cert.pem | openssl pkcs7 -print_certs -text -noout | grep Subject: | sort | wc -l
137

After

$ ls -al  /opt/gitlab/embedded/ssl/certs/cacert.pem
-rw-r--r-- 1 root root 225579 May 15 18:28 /opt/gitlab/embedded/ssl/certs/cacert.pem
$ openssl crl2pkcs7 -nocrl -certfile /opt/gitlab/embedded/ssl/cert.pem | openssl pkcs7 -print_certs -text -noout | grep Subject: | sort | wc -l
140

Edited Nov 17, 2021 by GitLab Release Tools Bot

Update CA certificate bundle

Before

After

Merge request reports