"Peer's certificate issuer has been marked as not trusted by the user" in Openshift3

Carlos Alberto · Jul 4, 2017 · Viewed 21.6k times

When an S2I ("Source-to-image") resource in Openshift3 tries to connect to a TLS Gitlab repository, it shows the following message: "Peer's certificate issuer has been marked as not trusted by the user".

How can I instruct Openshift3 which certificate authorities it is able to use there? Is there any config/option to bypass this error?

The command entered was:

oc new-app tomcat~https://gitlab.xxx/test/test.git --name=test --strategy=docker

Answer

PhilipGough · Jul 5, 2017

For security reasons, you should add a trusted CA source secret to the BuildConfig. To answer your question, you can disable TLS verification by setting an environment variable GIT_SSL_NO_VERIFY to false in the BuildConfig. Check the docs here for more info.

To pass this directly to the oc new-app command, run oc new-app --build-env GIT_SSL_NO_VERIFY=false
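
The first recommendation in the answer above (a trusted CA source secret on the BuildConfig) can be scripted as below. This is an added example, not part of the original answer; the secret name gitlab-ca, the BuildConfig name and the CA file path are assumptions, and the function expects a logged-in oc client.

```shell
#!/bin/sh
# Added example: attach the GitLab server's CA certificate to a BuildConfig
# as a source secret, so the build's git clone verifies TLS against that CA
# instead of skipping verification.
# Assumed names: secret "gitlab-ca", a BuildConfig created by "oc new-app".

# trust_git_ca BUILDCONFIG CA_PEM_FILE [SECRET_NAME]
trust_git_ca() {
    bc="$1"; ca_file="$2"; secret="${3:-gitlab-ca}"

    if [ -z "$bc" ] || [ -z "$ca_file" ]; then
        echo "usage: trust_git_ca BUILDCONFIG CA_PEM_FILE [SECRET_NAME]" >&2
        return 2
    fi

    # Only accept a readable PEM certificate (not DER, not an empty file).
    if [ ! -r "$ca_file" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file"; then
        echo "error: $ca_file is not a readable PEM certificate" >&2
        return 1
    fi

    # A CA bundle needs only public certificates; refuse files that also
    # carry a private key so it never ends up in a build secret.
    if grep -q -e 'PRIVATE KEY-----' "$ca_file"; then
        echo "error: $ca_file contains a private key" >&2
        return 1
    fi

    # The source secret must expose the CA under the key "ca.crt".
    oc create secret generic "$secret" --from-file=ca.crt="$ca_file" || return 1

    # Reference the secret as the BuildConfig's source (clone) secret.
    oc set build-secret --source "bc/$bc" "$secret" || return 1

    # Start a new build; the clone now validates the server certificate.
    oc start-build "$bc"
}

# Usage (paths are placeholders):
#   trust_git_ca test ./gitlab-ca.pem
```
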