How to Resolve GitLab-CI Runner Self-Signed Certificate Validation Errors?

Patricia Arquette
2024-12-02 19:25:13

GitLab-CI Runner: Bypassing Self-Signed Certificate Verification

When registering a GitLab-CI multi-runner, you may encounter errors related to certificate validation, such as:

couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
Post https://xxxx/ci/api/v1/runners/register.json:
x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs

This issue arises when the GitLab server presents a self-signed certificate that lacks IP Subject Alternative Names (SANs). Rather than turning validation off, you can give the runner the server's certificate to trust by passing the --tls-ca-file option when registering the runner.

gitlab-runner register --tls-ca-file=/path/to/certificate.crt [other options]

Where /path/to/certificate.crt is the absolute path to the self-signed certificate file. Alternatively, you can disable certificate verification entirely by setting --tls-disable-verify to true, but this is not recommended: with verification off, the runner accepts any certificate and can no longer tell the GitLab server from an impersonator.

gitlab-runner register --tls-disable-verify=true [other options]

If you are not the administrator of the GitLab server but are responsible for managing the runner server, you can obtain the certificate from the GitLab server using the following commands:

SERVER=gitlab.example.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt

sudo mkdir -p "$(dirname "$CERTIFICATE")"

openssl s_client -connect "${SERVER}:${PORT}" -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null

Once you have obtained the certificate, you can register the runner using the --tls-ca-file option as described earlier.

Note that this method may not work for custom CA-signed certificates due to a bug in gitlab-runner version 1.11.2. If you encounter issues, it is recommended to upgrade to a newer version of gitlab-runner.
