Create an SSL certificate
You can create your own SSL certificate with the OpenSSL binary. Generate a certificate request and then either send it to a certificate authority (CA) to be signed, sign it yourself if you have your own certificate authority, or use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).
NOTE: The current Bitnami GitLab installation already includes the server.key and server.crt files. It is strongly recommended to back up these files before creating new ones. Run the following commands to make sure that you save a copy of the current self-signed certificate and key:
$ sudo mv /etc/gitlab/ssl/server.crt /etc/gitlab/ssl/server.crt.back
$ sudo mv /etc/gitlab/ssl/server.key /etc/gitlab/ssl/server.key.back
- Generate a new private key:
$ sudo openssl genrsa -out /etc/gitlab/ssl/server.key 2048
- Create a certificate signing request (CSR):
$ sudo openssl req -new -key /etc/gitlab/ssl/server.key -out /etc/gitlab/ssl/cert.csr
IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”.
- Send cert.csr to the certificate authority. When the certificate authority completes its checks (and has probably received payment from you), it will hand over your new certificate to you.
- Until the certificate is received, create a temporary self-signed certificate:
$ sudo openssl x509 -in /etc/gitlab/ssl/cert.csr -out /etc/gitlab/ssl/server.crt -req -signkey /etc/gitlab/ssl/server.key -days 365
- Back up your private key in a safe location after generating a password-protected version as follows:
$ sudo openssl rsa -des3 -in /etc/gitlab/ssl/server.key -out privkey.pem
Note that if you use this encrypted key in the configuration file, GitLab won’t be able to start Nginx after any gitlab-ctl reconfigure command. Regenerate the key without password protection from this file as follows:
$ sudo openssl rsa -in privkey.pem -out /etc/gitlab/ssl/server.key
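A pre-flight check to run before gitlab-ctl reconfigure, added here as an example and not part of the original Bitnami page: it confirms that the key is not passphrase-protected and that the certificate and CSR carry the same public key as server.key. The function names, the temporary directory and the gitlab.example.com name are assumptions; the sample files are constructed with the same openssl steps as above.

```shell
#!/bin/sh
# Added example (not Bitnami's code): pre-flight checks for the key pair.
# Function names and gitlab.example.com are illustrative assumptions.

# Succeeds if the PEM key is passphrase-protected (traditional or PKCS#8).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Print the public key held in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# Print one line per problem; return status is the number of problems.
check_pair() {  # usage: check_pair KEY CERT [CSR]
    problems=0
    if key_is_encrypted "$1"; then
        echo "key is passphrase-protected"; return 1
    fi
    kpub=$(pubkey_of key "$1") || { echo "cannot read key"; return 1; }
    [ "$kpub" = "$(pubkey_of crt "$2")" ] ||
        { echo "certificate does not match key"; problems=$((problems + 1)); }
    [ -z "${3:-}" ] || [ "$kpub" = "$(pubkey_of csr "$3")" ] ||
        { echo "CSR does not match key"; problems=$((problems + 1)); }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired or unreadable"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample input: the page's openssl steps, written to DIR.
# -subj and -passout replace the interactive prompts.
make_demo() {  # usage: make_demo DIR
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=gitlab.example.com" \
        -out "$1/cert.csr" &&
    openssl x509 -in "$1/cert.csr" -out "$1/server.crt" -req \
        -signkey "$1/server.key" -days 365 2>/dev/null &&
    openssl rsa -des3 -passout pass:demo-only -in "$1/server.key" \
        -out "$1/privkey.pem" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d" &&
    check_pair "$d/server.key" "$d/server.crt" "$d/cert.csr" && echo "pair OK"
rm -rf "$d"
```

On a real installation, run check_pair against /etc/gitlab/ssl/server.key and /etc/gitlab/ssl/server.crt instead of the demo files.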
Find more information about certificates at http://www.openssl.org.