Using Self-Signed Certificates with GitLab-CI Runner
When registering a GitLab-CI runner against a server that uses a self-signed certificate, you may encounter a certificate validation error. The error arises when the runner attempts to connect to the GitLab server over HTTPS and the server's certificate contains no IP SANs (Subject Alternative Names).
To resolve this issue, save the server's certificate and pass it to the runner as a trusted CA file, following the steps outlined below:
openssl s_client -connect "${SERVER}:${PORT}" -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null
Replace ${SERVER} with the GitLab server domain, ${PORT} with the HTTPS port (443 by default), and ${CERTIFICATE} with the absolute path to the certificate file.
gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]
With this approach, the runner trusts the server's self-signed certificate and the registration process completes successfully. Note that this solution is only recommended for non-production environments where security considerations are less stringent.
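Because `openssl s_client` saves whatever certificate the remote end presents, the fetched file should be checked before the runner is told to trust it. The script below is an added example (not from the original article) that compares the file's SHA-256 fingerprint with one obtained out of band and checks that the certificate covers the host name or IP address the runner will connect to, which is where a missing IP SAN shows up. The helper names and the `vet-cert.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article; helper names are hypothetical.

# Keep only the PEM blocks of `openssl s_client -showcerts` output (stdin),
# using the same sed filter as the command in the article.
extract_pem() { sed -e '/-----BEGIN/,/-----END/!d'; }

# Print how many certificates a PEM file holds.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Print the SHA-256 fingerprint of the first certificate in a PEM file
# as uppercase hex without colons.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Print "match" if the certificate covers HOST ($2, a DNS name or an IP
# literal), otherwise "mismatch".
name_check() {
  case "$2" in
    *:*)       nc_opt=-checkip ;;    # IPv6 literal
    *[!0-9.]*) nc_opt=-checkhost ;;  # has a non-digit: DNS name
    *)         nc_opt=-checkip ;;    # digits and dots only: IPv4 literal
  esac
  if openssl x509 -in "$1" -noout "$nc_opt" "$2" 2>/dev/null | grep -q 'does match'; then
    echo match
  else
    echo mismatch
  fi
}

# vet_cert FILE EXPECTED_FINGERPRINT HOST
# Succeeds only if FILE's fingerprint equals the value obtained out of band
# (an assumption: e.g. read on the GitLab server itself) and FILE covers HOST.
vet_cert() {
  vc_want=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
  vc_have=$(cert_fingerprint "$1")
  if [ -z "$vc_have" ] || [ "$vc_have" != "$vc_want" ]; then
    echo "fingerprint mismatch: do not trust $1" >&2; return 1
  fi
  if [ "$(name_check "$1" "$3")" != match ]; then
    echo "certificate does not cover $3: check its SANs" >&2; return 1
  fi
  echo "ok: $1 matches the expected fingerprint and covers $3"
}

# Usage: sh vet-cert.sh "$CERTIFICATE" <expected-fingerprint> "$SERVER"
if [ $# -eq 3 ]; then vet_cert "$@"; fi
```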