Can't connect chef client to server

#1

Hello,

I am trying to connect my chef client to my chef workstation so that it can grab the cookbooks from it. However, when I run the command
chef-client -S https://testclient.test.ca/ -K /etc/chef/validator.pem

It is returning this error:

Starting Chef Client, version 14.12.9
[2019-05-07T15:26:22-03:00] INFO: *** Chef 14.12.9 ***
[2019-05-07T15:26:22-03:00] INFO: Platform: x86_64-linux
[2019-05-07T15:26:22-03:00] INFO: Chef-client pid: 10435
[2019-05-07T15:26:22-03:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
Creating a new client identity for ip-10-0-0-112.ec2.internal using the validator key.
[2019-05-07T15:26:24-03:00] INFO: Client key /etc/chef/client.pem is not present - registering
[2019-05-07T15:26:24-03:00] ERROR: SSL Validation failure connecting to host: fairchild.rssrv.ca - SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

================================================================================
Chef encountered an error attempting to create the client "ip-10-0-0-112.ec2.internal"
================================================================================

System Info:
------------
chef_version=14.12.9
ruby=ruby 2.5.5p157 (2019-03-15 revision 67260) [x86_64-linux]
program_name=/usr/bin/chef-client
executable=/opt/chef/bin/chef-client


Running handlers:
[2019-05-07T15:26:24-03:00] ERROR: Running exception handlers
Running handlers complete
[2019-05-07T15:26:24-03:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 01 seconds
[2019-05-07T15:26:24-03:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2019-05-07T15:26:24-03:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2019-05-07T15:26:24-03:00] FATAL: OpenSSL::SSL::SSLError: SSL Error connecting to https://fairchild.rssrv.ca/organizations/redsky/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

Any ideas as to what might be going wrong would be greatly appreciated.

#2

The issue here is self-signed certificates not validating. One would need to add the cacert bundle to /etc/chef/trusted_certs or disable SSL validation (not recommended).
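
An added example, not part of the thread and not Chef's own code: it reproduces the "self signed certificate" verification result with Ruby's OpenSSL bindings, then shows the same certificate verifying once it is in the trust store, which is the role /etc/chef/trusted_certs plays. The host name chef.example.test, the generated certificate and all helper names are constructed for illustration.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate for a placeholder server name.
def make_self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `cert` against a store that holds only the certificates in `trusted`.
# Returns [verified?, OpenSSL error code, OpenSSL error string].
def verify_with(trusted, cert)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

# SHA-256 fingerprint to compare against the value read on the server itself
# before the certificate is copied into a trust directory.
def sha256_fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Trusting a certificate does not waive the host name check.
def hostname_ok?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

if __FILE__ == $PROGRAM_NAME
  cert = make_self_signed("chef.example.test")
  p verify_with([], cert)      # empty store: fails, error code 18
  p verify_with([cert], cert)  # certificate trusted: verifies, error code 0
  puts sha256_fingerprint(cert)
  p hostname_ok?(cert, "other.example.test") # false: name mismatch
end
```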