Unable to get local issuer certificate

Aram · April 3, 2021, 8:55pm

Hi,

I’m running Tower 3.8.2 and Ansible 2.9.18 on RHEL 8 VM. Along side of GitLab 13.10.2 on another VM.

Both instances have a Hashicorp Vault hosted CA and cert applied (GitLab, has a nginx reverse proxy in front of it which is SSL terminated).

However, when adding a new project and add in the git repo where the role is defined (pointing to the local gitlab instance, I run into SSL cert issues.

“cmd”: “/usr/bin/git clone --origin origin https://gitlab.basement.lab/ansible/update-and-reboot.git /var/lib/awx/projects/_14__update_and_reboot”,

results in:

‘https://gitlab.basement.lab/ansible/update-and-reboot.git/’: SSL certificate problem: unable to get local issuer certificate\n"

I have added my ca_chain.pem to /etc/pki/ca-trust/source/anchors/ and ran the update-ca-trust … the ca_chain.pem does show in /etc/pki/ca-trust/extracted/openssl.

Is there another step or place where I need to include the CA chain to get git accept the certification WITHOUT having to turn off SSL verification? If I need to turn off SSL I rather do it as a last resort.

Thanks.

Topic		Replies	Views
Module URI unable to get local issuer Ansible Project	4	4	April 23, 2023
AWX/k8s - SSL certificate problem: unable to get local issuer certificate" AWX Project awx , kubernetes	0	10	October 16, 2022
Ansible Automation Platform not Syncing with Gitlab project Get Help awx , project	2	94	September 19, 2024
Internal CA trust for project playbooks AWX Project awx , ee	4	3	September 23, 2021
Local action in playbook tree Ansible Project	14	0	September 16, 2013

Unable to get local issuer certificate

Related topics