How to Bypass GitLab-CI Runner Self-Signed Certificate Validation Errors?

Gitlab-CI Runner Certificate Validation Bypass

When registering a Gitlab-CI runner, some users may encounter an error related to invalidating a self-signed certificate:

couldn't execute POST against https://xxxx/ci/api/v1/runners/register.json:
Post https://xxxx/ci/api/v1/runners/register.json:
x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs

Disabling Certificate Validation

To bypass certificate validation for Gitlab-CI runners, follow the steps below:

1. Save Your Certificate Locally:
   Connect to the Gitlab server and download the certificate to your local machine:

   openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' > certificate.crt

2. Register Runner with Custom CA File:
   Register your runner using the tls-ca-file argument to specify the downloaded certificate file:

   gitlab-runner register --tls-ca-file="path/to/certificate.crt" [other options]

Note: Ensure that the CERTIFICATE path provided in the commands is an absolute path to the certificate file.

The above is the detailed content of How to Bypass GitLab-CI Runner Self-Signed Certificate Validation Errors?. For more information, please follow other related articles on the PHP Chinese website!