diff options
Diffstat (limited to 'doc/administration/troubleshooting/ssl.md')
-rw-r--r-- | doc/administration/troubleshooting/ssl.md | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/administration/troubleshooting/ssl.md b/doc/administration/troubleshooting/ssl.md index f230f047ded..e6c081e1eea 100644 --- a/doc/administration/troubleshooting/ssl.md +++ b/doc/administration/troubleshooting/ssl.md @@ -46,6 +46,44 @@ After configuring a GitLab instance with an internal CA certificate, you might n If you have the problems listed above, add your certificate to `/etc/gitlab/trusted-certs` and run `sudo gitlab-ctl reconfigure`. +## X.509 key values mismatch error + +After configuring your instance with a certificate bundle, NGINX may throw the +following error: + +`SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch` + +This error means that the server certificate and key you have provided do not +match. You can confirm this by running the following command and comparing the +output: + +```shell +openssl rsa -noout -modulus -in path/to/your/.key | openssl md5 +openssl x509 -noout -modulus -in path/to/your/.crt | openssl md5 +``` + +The following is an example of an md5 output between a matching key and certificate. Note the +matching md5 hashes: + +```shell +$ openssl rsa -noout -modulus -in private.key | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +$ openssl x509 -noout -modulus -in public.crt | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +``` + +This is an opposing output with a non-matching key and certificate which shows different md5 hashes: + +```shell +$ openssl rsa -noout -modulus -in private.key | openssl md5 +d418865077299af27707b1d1fa83cd99 +$ openssl x509 -noout -modulus -in public.crt | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +``` + +If the two outputs differ like the above example, there is a mismatch between the certificate +and key. You should contact the provider of the SSL certificate for further support. + ## Using GitLab Runner with a GitLab instance configured with internal CA certificate or self-signed certificate Besides getting the errors mentioned in |