[QUESTION] curl: (60) SSL certificate problem: self signed certificate in certificate chain

[mickey2012ex]

Question

Received error curl: (60) SSL certificate problem: self signed certificate in certificate chain when deploying
May i know how to ignore or add self signed cert to it?

[talzigm]

hi,

any conclusion? i am getting same error

[kalined]

Hi @talzigm,

If you have deployed runners to the OpenShift, you have to verify a few things to make sure what's the main reason and how to deal with it:

1. The type of platform the cluster is trying to reach. Is it github.com or GitHub Enterprise Server?;
2. Check what kind of certificate that platform uses. Is the certificate self-signed?;
3. Check your firewall and proxy settings;

In case it's a GHES and self-signed certificate, you could try to add the rooCA of the self-signed certificate to your deployment in the OpenShift, to check if that solves the issue or not. Here are the key elements that should be added to the deployment file (for example, from the UI):

   volumeMounts:
        - mountPath: /etc/pki/tls/certs/root-ca.crt
          name: ca-volume
          readOnly: true
          subPath: ca.crt

volumes:
      - name: ca-volume
        secret:
          defaultMode: 420
          secretName: root-ca

and environment variable:

- name: SSL_CERT_FILE
          value: /etc/pki/tls/certs/root-ca.crt

Hope that would help,