Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
96a0498b
Commit
96a0498b
authored
Aug 17, 2021
by
Ben Prescott @bprescott_↙ ☺
Committed by
Amy Qualls
Aug 17, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Limitations of x509 signing
parent
ae3ce141
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
0 deletions
+16
-0
doc/user/project/repository/x509_signed_commits/index.md
doc/user/project/repository/x509_signed_commits/index.md
+16
-0
No files found.
doc/user/project/repository/x509_signed_commits/index.md
View file @
96a0498b
...
@@ -7,6 +7,8 @@ type: concepts, howto
...
@@ -7,6 +7,8 @@ type: concepts, howto
# Signing commits and tags with X.509 **(FREE)**
# Signing commits and tags with X.509 **(FREE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/17773) in GitLab 12.8.
[
X.509
](
https://en.wikipedia.org/wiki/X.509
)
is a standard format for public key
[
X.509
](
https://en.wikipedia.org/wiki/X.509
)
is a standard format for public key
certificates issued by a public or private Public Key Infrastructure (PKI).
certificates issued by a public or private Public Key Infrastructure (PKI).
Personal X.509 certificates are used for authentication or signing purposes
Personal X.509 certificates are used for authentication or signing purposes
...
@@ -37,6 +39,20 @@ Self signed certificates without `authorityKeyIdentifier`,
...
@@ -37,6 +39,20 @@ Self signed certificates without `authorityKeyIdentifier`,
recommend using certificates from a PKI that are in line with
recommend using certificates from a PKI that are in line with
[
RFC 5280
](
https://tools.ietf.org/html/rfc5280
)
.
[
RFC 5280
](
https://tools.ietf.org/html/rfc5280
)
.
## Limitations
-
If you have more than one email in the Subject Alternative Name list in
your signing certificate,
[
only the first one is used to verify commits
](
https://gitlab.com/gitlab-org/gitlab/-/issues/336677
)
.
-
The
`X509v3 Subject Key Identifier`
(SKI) in the issuer certificate and the
signing certificate
[
must be 40 characters long
](
https://gitlab.com/gitlab-org/gitlab/-/issues/332503
)
.
If your SKI is shorter, commits will not show as verified in GitLab, and
short subject key identifiers may also
[
cause errors when accessing the project
](
https://gitlab.com/gitlab-org/gitlab/-/issues/332464
)
,
such as 'An error occurred while loading commit signatures' and
`HTTP 422 Unprocessable Entity`
errors.
## Obtaining an X.509 key pair
## Obtaining an X.509 key pair
If your organization has Public Key Infrastructure (PKI), that PKI provides
If your organization has Public Key Infrastructure (PKI), that PKI provides
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment