
Gitlab-CI runner: ignore self-signed certificate


    gitlab-ci-multi-runner register

gave me

    couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
    Post https://xxxx/ci/api/v1/runners/register.json:
    x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs

Is there a way to disable certification validation?

I'm using Gitlab 8.13.1 and gitlab-ci-multi-runner 1.11.2.


Solution

  • Based on Wassim's answer and the GitLab documentation on self-signed and custom CA-signed TLS certificates, here is a way to save some time if you are not the admin of the GitLab server but only of the server with the runners (and if the runner is run as root):

    SERVER=gitlab.example.com
    PORT=443
    CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt
    
    # Create the certificates hierarchy expected by gitlab
    sudo mkdir -p "$(dirname "$CERTIFICATE")"
    
    # Get the certificate in PEM format and store it
    openssl s_client -connect "${SERVER}:${PORT}" -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null
    
    # Register your runner
    gitlab-runner register --tls-ca-file="$CERTIFICATE" [your other options]
    

    Update 1: CERTIFICATE must be an absolute path to the certificate file.

    Update 2: it might still fail with custom CA-signed certificates because of gitlab-runner bug #2675.
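
The fetch step in the answer above stores whatever certificate the server presents at that moment, so the runner ends up trusting it unseen. The following added example (not part of the original answer) installs the certificate only when its SHA-256 fingerprint matches a value obtained out of band, for example from the GitLab admin. The function names, the script name and the `EXPECTED_FP` argument are illustrative assumptions, and only the first (leaf) certificate is checked, which fits the self-signed case.

```shell
#!/bin/sh
# Added example: install a fetched certificate as the runner's CA file only
# when its SHA-256 fingerprint matches one obtained out of band.

# Reduce "SHA256 Fingerprint=AB:CD:.." or "ab:cd:.." to bare upper-case hex.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# fetch_leaf SERVER PORT OUTFILE: save the leaf certificate the server presents.
# Assumes SERVER is a DNS name (it is also sent as the SNI name).
fetch_leaf() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# install_if_pinned CANDIDATE EXPECTED_FP DEST
# Copies CANDIDATE to DEST only if its fingerprint equals EXPECTED_FP.
install_if_pinned() (
    got=$(cert_fp "$1")
    want=$(normalize_fp "$2")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing to install: got '$got', expected '$want'" >&2
        exit 1
    fi
    mkdir -p "$(dirname "$3")" && cp "$1" "$3" && chmod 0644 "$3"
)

# Usage (as root): sh pin-cert.sh SERVER PORT EXPECTED_FP
if [ "$#" -eq 3 ]; then
    candidate=$(mktemp) &&
        fetch_leaf "$1" "$2" "$candidate" &&
        install_if_pinned "$candidate" "$3" "/etc/gitlab-runner/certs/$1.crt"
    status=$?
    rm -f "$candidate"
    exit "$status"
fi
```

After a successful run, pass the installed file to `gitlab-runner register --tls-ca-file=...` as in the answer.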