I recently started having issues with SSL all of a sudden without anything being changed and was hoping someone can be of assistance:
Bootstrapping to Windows using WinRM, getting the following error:
10.40.1.23 [2016-02-01T17:16:35-05:00] FATAL: OpenSSL::SSL::SSLError: SSL Error connecting to https://XXXXXX/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed.
Nothing in the configs changed and it worked perfectly fine in the past. I did try to add the following line to bypass SSL verification but it doesn’t seem to be working.
Any help would be great!
Check the expiration date on the Chef Server’s certificate.
It's valid until 2024. I even tried to run a knife ssl fetch and received the following (no firewalls are on on any of the servers):
- Version: OpenSSL 1.0.1l 15 Jan 2015
- Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-win
- Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x8
Chef SSL Configuration:
- ssl_ca_path: nil
- ssl_ca_file: "C:/opscode/chef/embedded/ssl/certs/cacert.pem"
- trusted_certs_dir: "C:/Users/codegenagent\.chef\trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server’s certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
Copy that file to your trusted_certs_dir (currently: C:/Users/codegenagent.chef
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server’s certificate is now trusted.
C:\Windows\system32>knife ssl fetch
WARNING: No knife configuration file found
WARNING: Certificates from localhost will be fetched and placed in your trusted_
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
ERROR: Network Error: No connection could be made because the target machine act
ively refused it. - connect(2)
Check your knife configuration and network settings
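An added example, not part of the thread and not Chef's own code: "certificate verify failed" hides the specific reason, so this Ruby sketch verifies a certificate against an explicit trust list (the role trusted_certs_dir plays above) and reports whether OpenSSL rejects it as an untrusted self-signed certificate or as expired. The helper names `make_self_signed` and `diagnose_cert` and the host name `chef.example.test` are hypothetical, and the certificates are constructed in memory as sample input.

```ruby
require "openssl"

# Constructed sample input: a self-signed certificate generated in memory.
def make_self_signed(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `cert` against only the certificates in `trusted` and return
# OpenSSL's specific verdict instead of a generic verify failure.
def diagnose_cert(cert, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(cert)
  { ok: ok, code: store.error, reason: store.error_string,
    not_after: cert.not_after, self_signed: cert.issuer == cert.subject }
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  good = make_self_signed("chef.example.test", now - 3600, now + 86_400)
  old  = make_self_signed("chef.example.test", now - 7200, now - 3600)
  p diagnose_cert(good, [])     # self-signed, not in the trust list
  p diagnose_cert(good, [good]) # same certificate once it is trusted
  p diagnose_cert(old, [old])   # trusted but past its not_after date
end
```

For a real server certificate, load the PEM file with `OpenSSL::X509::Certificate.new(File.read(path))` and pass the certificates from the trusted certificates directory as the trust list.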