When trying to register a GitLab Runner with the command gitlab-runner register, the following error appears:

gitlab-runner register : tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead.

This is caused by GitLab not supporting certificate verification with the legacy certificate attribute. To resolve the problem, the certificate on the server needs to be generated again. The steps are shown below.
- Generate a new certificate and install it on the GitLab server

Execute the commands below on the GitLab server:

```bash
export HOSTNAME=home-gitlb-sr01
export CERT_VALID_DAYS=36500
export CERT_PATH=/etc/gitlab/ssl

## Install OpenSSL.
sudo apt install -y openssl

## Generate a 2048-bit RSA key.
sudo openssl genrsa -out ${HOSTNAME}.key 2048

## Generate an x509 certificate that contains SANs, using the generated key.
sudo openssl req -new -x509 -addext "subjectAltName = DNS:localhost,DNS:${HOSTNAME}" -days ${CERT_VALID_DAYS} -key ${HOSTNAME}.key -out ${HOSTNAME}.crt

## Back up the original certificate directory, then replace the certificate.
## The new key is copied as well, because the new certificate only matches that key.
sudo tar -czvf ${CERT_PATH}.tar.gz ${CERT_PATH}
sudo cp ${HOSTNAME}.crt ${HOSTNAME}.key ${CERT_PATH}/

## Reconfigure and restart GitLab to apply the new certificate.
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
```
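- Import the certificate in GitLab Runner and apply the settings

```bash
export HOSTNAME=home-gitlb-sr01

## Get the certificate from the GitLab server and copy it to the runner certificate directory.
openssl s_client -showcerts -connect ${HOSTNAME}:443 -servername ${HOSTNAME} < /dev/null 2>/dev/null | openssl x509 -outform PEM > ${HOSTNAME}.crt
sudo mkdir -p /etc/gitlab-runner/certs
sudo cp ${HOSTNAME}.crt /etc/gitlab-runner/certs/

## Register with the copied certificate. The absolute path is used because
## the path is saved in the runner configuration.
sudo gitlab-runner register --tls-ca-file=/etc/gitlab-runner/certs/${HOSTNAME}.crt
sudo gitlab-runner restart
sudo gitlab-runner run
```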
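A certificate pulled with openssl s_client is trusted on first use, so before registering it is worth checking on the runner that the file really lists the host in its SANs and that its fingerprint matches the certificate generated on the server. The script below is an added example, not part of the original post: the function names are hypothetical, the sample certificates are constructed throwaway data, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL 1.1.1 or newer.

# Succeeds only when the certificate's subjectAltName lists DNS:<host> exactly.
cert_has_san() {   # usage: cert_has_san <cert.pem> <host>
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxqi "DNS:$2"
}

# Prints the SHA-256 fingerprint; run it on the server file and the runner copy.
cert_fingerprint() {   # usage: cert_fingerprint <cert.pem>
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Returns 0 when both checks pass, 1 for a missing SAN, 2 for a fingerprint mismatch.
check_runner_cert() {   # usage: check_runner_cert <fetched.pem> <host> <expected-fp>
  cert_has_san "$1" "$2" || { echo "no SAN entry for $2" >&2; return 1; }
  [ "$(cert_fingerprint "$1")" = "$3" ] || { echo "fingerprint mismatch" >&2; return 2; }
}

# Constructed sample data: a throwaway key, one CN-only and one SAN certificate.
make_samples() {   # usage: make_samples <dir> <host>
  openssl genrsa -out "$1/k.key" 2048 2>/dev/null
  openssl req -new -x509 -key "$1/k.key" -subj "/CN=$2" -days 1 -out "$1/cn-only.crt"
  openssl req -new -x509 -key "$1/k.key" -subj "/CN=$2" -days 1 \
    -addext "subjectAltName = DNS:localhost,DNS:$2" -out "$1/san.crt"
}

demo() {
  demo_dir=$(mktemp -d)
  make_samples "$demo_dir" home-gitlb-sr01
  # On a real setup this value comes from running cert_fingerprint on the server.
  demo_fp=$(cert_fingerprint "$demo_dir/san.crt")
  check_runner_cert "$demo_dir/san.crt" home-gitlb-sr01 "$demo_fp" && echo "san.crt: ok"
  check_runner_cert "$demo_dir/cn-only.crt" home-gitlb-sr01 "$demo_fp" || echo "cn-only.crt: rejected"
  rm -rf "$demo_dir"
}
demo
```

The CN-only certificate is the kind that triggers the x509 error at the top of this post; the fingerprint comparison only means something when the expected value is obtained on the server itself rather than over the same network connection.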