Rancher Pipeline -> Private GitLab ( x509: certificate signed by unknown authority)

jackrm · January 16, 2020, 5:29pm

I have a private GitLab (with self-sign certifcate) that I tried to use for Rancher’s pipeline but I’m getting “x509: certificate signed by unknown authority” error and can’t proceed with the configuration. There’s no way to enter the custom self-sign certificate from the initial set-up.

I noticed that if the pipeline is configured already then we can update the cacert to use. Is there a way to enter the cacert from the initial set-up?

Initial configuration (no way to add custom cert):

Pipeline already configured (with cacert option):

ivcode · June 2, 2020, 2:58pm

were you able to resolve this?

jackrm · June 2, 2020, 7:38pm

Yes, we were able to resolve it. The initial setting for pipeline looks at the cert inside Rancher. We load the cert to tls-ca-additional and then updated our rancher to add additionalTrustedCAs: true.

Instruction is on the below link on loading additional cert:

https://rancher.com/docs/rancher/v2.x/en/installation/options/chart-options/

ivcode · June 3, 2020, 1:58am

Thank you for your response. I checked the documentation. But how to --set additionalTrustedCAs=true is unclear to me

jackrm · June 3, 2020, 6:40pm

Sample command to upgrade Rancher and update the existing parameter:

helm upgrade rancher rancher-stable/rancher --reuse-values --set additionalTrustedCAs=true

Topic		Replies	Views
X509: certificate signed by unknown authority when added custom helm repo Rancher	1	3479	January 6, 2022
Rancher PrivateCA Rancher	8	5737	February 11, 2020
Rancher 2.2.7 Fresh Install - cacerts issues (self signed cert) Rancher	3	1872	February 29, 2020
X509: certificate signed by unknown authorit when using kubectl or helm Rancher 1.x	3	6333	July 17, 2018
X509: certificate signed by unknown authority	1	4378	April 27, 2017

Rancher Pipeline -> Private GitLab ( x509: certificate signed by unknown authority)

Related Topics