I am getting authentication problems when I try to bootstrap a new node. It’s been a while, and I had not switched over to the new SSL certificate method. So I took this time to try and do that.
I ran knife ssl fetch and I have .chef/trusted_certs with two files in there.
When I run knife check ssl I get the following.
Configuration Info:
OpenSSL Configuration:
* Version: LibreSSL 2.2.4
* Certificate file: /etc/ssl/cert.pem
* Certificate directory: /etc/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: "/etc/ssl/"
* ssl_ca_file: "cacert.pem"
* trusted_certs_dir: "/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs"
WARNING: There are invalid certificates in your trusted_certs_dir.
OpenSSL will not use the following certificates when verifying SSL connections:
/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs/wildcard_opscode_com.crt: unable to get local issuer certificate
/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs/DigiCert_SHA2_Secure_Server_CA.crt: unable to get local issuer certificate
TO FIX THESE WARNINGS:
We are working on documentation for resolving common issues uncovered here.
* If the certificate is generated by the server, you may try redownloading the
server's certificate. By default, the certificate is stored in the following
location on the host where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: /home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
Connecting to host api.opscode.com:443
Successfully verified certificates from `api.opscode.com'
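
How OpenSSL arrives at the "unable to get local issuer certificate" message seen in the output above, as an added example (not part of the original post and not knife's own code). It builds a constructed root, intermediate and leaf chain with Ruby's openssl library and verifies each certificate first against a store holding only itself, then against a store holding the whole chain. The certificate names, the make_cert, verify_each and demo_chain helpers, and the isolated-store setup are assumptions made for illustration.

```ruby
require "openssl"

# Build a certificate for subject CN `cn`; self-signed unless an issuer is given.
# All names and keys here are constructed for the example.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify every cert against `store_certs`; with no store given, each cert is
# checked against a store that contains only itself (assumed setup).
def verify_each(certs, store_certs = nil)
  certs.to_h do |name, cert|
    store = OpenSSL::X509::Store.new
    (store_certs || [cert]).each { |c| store.add_cert(c) }
    [name, store.verify(cert) ? "ok" : store.error_string]
  end
end

# Constructed chain: self-signed root -> issuing CA -> wildcard leaf.
def demo_chain
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert("Example Root CA", rk, ca: true)
  inter = make_cert("Example Issuing CA", ik, issuer: root, issuer_key: rk, ca: true)
  leaf = make_cert("*.example.test", lk, issuer: inter, issuer_key: ik)
  { "root" => root, "intermediate" => inter, "leaf" => leaf }
end

if $PROGRAM_NAME == __FILE__
  certs = demo_chain
  puts "isolated:   #{verify_each(certs)}"
  puts "full chain: #{verify_each(certs, certs.values)}"
end
```

Only the self-signed root verifies on its own; the intermediate and the leaf verify once the store can build a path up to that root.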