Enterprise setup: Remedying SSL validation errors
When setting up your API connection in GitClear Enterprise, you may see an error like the following:
We could not verify the SSL certificate of your endpoint. Make sure that your certificate is current and try again. If you need assistance, please contact our support team.
This is usually due to the use of self-signed, or otherwise non-standard, certificates on the side of your provider instance. There are two broad ways of dealing with this:
- Re-run your enterprise setup, via
docker exec -w /home/deployuser/gitclear/current -it gitclear "config/enterprise_setup", and when you get to the question
Do you wish to disable SSL verification on all requests?, you can select "y". This is highly discouraged for long-term use, as it disables all SSL verification instance-wide, but if you are using a trial instance or are not otherwise able to access your provider instance's certificates, this may be the easier option.
- Install the certificates that your provider instance uses and re-run the API setup. Instructions for how to do that are listed below.
After you've successfully remedied the certificate issue through either approach, you can re-run your API setup and connect to your provider instance successfully.
Installing your provider instance certificates
- Get a copy of your CA certificate(s) from your sysadmin or IT staff.
- Copy it/them to
/usr/local/share/ca-certificates/, via this command, run from your local machine (not your Docker instance):
docker cp [FILENAME] gitclear:/usr/local/share/ca-certificates/
- Log into the docker instance:
docker exec -it gitclear bash -lthen
run sudo update-ca-certificates
- Test the connection by running, from the same Docker instance you're logged into:
openssl s_client -showcerts -connect your-provider-instance.yourdomain.com:443 -servername your-provider-instance.yourdomain.com- you should see a successful response, indicating that the certificates are installed correctly.