GitLab and Mattermost on SSL with self-signed certs

I am using the gitlab-ce omnibus rpm with SSL certificates issued by an internal CA, and while my system is correctly configured (openssl verify is happy with the certs), I was still getting this error in /var/log/gitlab/mattermost/mattermost.log:

[2016/01/05 18:01:07 SAST] [EROR] /login/gitlab/complete:AuthorizeOAuthUser code=500 rid=XXXXX uid= ip=192.168.0.64 Token request failed [details: Post https://gitlab.XXXXXXX/oauth/token: x509: certificate signed by unknown authority]

The omnibus package ships its own openssl libraries, with their own trusted certs in /opt/gitlab/embedded/ssl/certs/cacert.pem.

In order to avoid this problem in future, I have symlinked the system CA cert bundle:

ln -s /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt /opt/gitlab/embedded/ssl/certs/cacert.pem

(On Red Hat-based systems, you should use update-ca-trust to update the CA cert bundle, see 'man update-ca-trust').

Depending on which distributions are supposedly supported with the omnibus RPMs, it might make more sense for it to configure the included openssl to use the OS-provided CA certificate store.

