Problem
When attempting to integrate a version control provider with Terraform Enterprise, an OpenSSL error "SSL certificate problem: self signed certificate in certificate chain" is received.
Cause
The certificate used on the version control server is rejected by the Terraform Enterprise HTTP client because SSL verification fails. This is often the case with self-signed certificates or when the Terraform Enterprise instance is not configured to trust the signing chain of the version control server's SSL certificate.
Solution
Terraform Enterprise needs to be able to access all services that it integrates with, such as version control providers, using valid TLS.
Verify that the Terraform Enterprise client accepts the HTTPS connection to the version control server. This can be done by running curl from the Terraform Enterprise Docker container against the version control server; it should not return any SSL errors.
Connect to the ptfe_nginx Docker container using the following command:
$ sudo docker exec -it ptfe_nginx /bin/bash
# Terraform Enterprise v202205-1(619) and newer
$ sudo docker exec -it tfe-nginx /bin/bash
Once connected, perform a curl request to the version control server.
$ curl -v -L ${URL}
If a "self signed certificate in certificate chain" error is received, then all certificates used in the certificate signing chain, meaning the root certificate and any intermediate certificates, must be included and uploaded to Terraform Enterprise under https://$TFE_HOSTNAME:8800/settings#TLS.
Additional information may be found in the CA Bundle section of the Terraform Enterprise documentation.
Once the certificates have been added to the settings field, save the settings and restart the Terraform Enterprise application when prompted. This allows the newly updated CA settings to be injected into each of the Docker containers that run the Terraform Enterprise application.
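The following is an added example, not part of the original article or of Terraform Enterprise. It shows why the bundle must hold the root and every intermediate: it builds a throwaway root, intermediate and leaf certificate with openssl and checks which candidate bundles verify the leaf. All file names, subject names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI (all names hypothetical): root CA -> intermediate CA -> leaf,
# where the leaf stands in for the version control server's certificate.
make_demo_pki() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$dir/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/$n.key" \
            -subj "/CN=constructed-$n" -out "$dir/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root, an intermediate signed by the root (both CA:TRUE),
    # then a leaf signed by the intermediate, as a server certificate would be.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" \
        -extfile "$dir/ca.ext" -days 1 -out "$dir/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -extfile "$dir/ca.ext" -days 1 -out "$dir/int.pem" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# True only if the bundle ($1) by itself lets openssl build a complete
# chain from the certificate ($2) up to a trusted self-signed root.
bundle_verifies() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Try three candidate CA bundles against the constructed leaf certificate.
report() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    cat "$d/root.pem" "$d/int.pem" > "$d/full.pem"
    for b in root int full; do
        if bundle_verifies "$d/$b.pem" "$d/leaf.pem"; then r=trusted; else r=rejected; fi
        echo "bundle=$b.pem -> $r"
    done
    rm -rf "$d"
}

report
```

To apply the same check to the bundle you intend to upload, pass it to curl with --cacert from a host that can reach the version control server.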