How to Ignore Self-Signed Certificates When Registering a GitLab-CI Runner?

Ignoring Self-Signed Certificate in GitLab-CI Runner

When registering the GitLab-CI multi-runner, encountering errors related to certificate validation can be frustrating. This issue arises when the target GitLab instance utilizes a self-signed or custom CA-signed certificate.

Solution

To disable certificate validation and bypass the issue, follow these steps:

1. Obtain the certificate in PEM format:

   openssl s_client -connect gitlab.example.com:443 -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d'

   Copy after login

2. Save the certificate in the certificates hierarchy expected by GitLab:

   mkdir -p /etc/gitlab-runner/certs/
   tee /etc/gitlab-runner/certs/gitlab.example.com.crt

   Copy after login

3. Register the runner with the --tls-ca-file option:

   gitlab-runner register --tls-ca-file=/etc/gitlab-runner/certs/gitlab.example.com.crt

   Copy after login

Note:

• Ensure CERTIFICATE in the command is an absolute path to the certificate file.
• This solution may not work for custom CA-signed certificates due to GitLab-runner issue #2675.

The above is the detailed content of How to Ignore Self-Signed Certificates When Registering a GitLab-CI Runner?. For more information, please follow other related articles on the PHP Chinese website!