I am getting authentication problems when I try to bootstrap a new node. It’s been a while, and I had not switched over to the new SSL certificate method. So I took this time to try and do that.
I ran knife ssl fetch and I have .chef/trusted_certs with two files in there.
When I run knife check ssl I get the following.
Configuration Info:

OpenSSL Configuration:
* Version: LibreSSL 2.2.4
* Certificate file: /etc/ssl/cert.pem
* Certificate directory: /etc/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: "/etc/ssl/"
* ssl_ca_file: "cacert.pem"
* trusted_certs_dir: "/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs"

WARNING: There are invalid certificates in your trusted_certs_dir.
OpenSSL will not use the following certificates when verifying SSL connections:

/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs/wildcard_opscode_com.crt: unable to get local issuer certificate
/home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs/DigiCert_SHA2_Secure_Server_CA.crt: unable to get local issuer certificate

TO FIX THESE WARNINGS:

We are working on documentation for resolving common issues uncovered here.

* If the certificate is generated by the server, you may try redownloading the
server's certificate. By default, the certificate is stored in the following
location on the host where your chef-server runs:

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: /home/gregf/code/cookbooks/chef-gregf.org/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

Connecting to host api.opscode.com:443
Successfully verified certificates from `api.opscode.com'