I have signed an OpenSSL certificate request and uploaded it to the Chef server using the following documentation, and signed it via an Active Directory Certificate Services machine on the domain where the Chef server lives.
Chef documentation found here
Assisting interwebs documentation found here.
I can then connect to the Chef Manage server using a web browser and get what I am expecting, a trusted certificate (within the browser), using both Internet Explorer and Google Chrome.
This is the output of `knife ssl check` from the machine using ChefDK on Windows:

```
knife ssl check
Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1t 3 May 2016
* Certificate file: C:/opscode/chefdk/embedded/ssl/cert.pem
* Certificate directory: C:/opscode/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chefdk/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\svucich\\chef-repo-sv.local\\.chef\\trusted_certs"

WARNING: There are invalid certificates in your trusted_certs_dir.
OpenSSL will not use the following certificates when verifying SSL connections:

c:/Users/svucich/chef-repo-sv.local/.chef/trusted_certs/chef_sv_local.crt: unable to get local issuer certificate

TO FIX THESE WARNINGS:

We are working on documentation for resolving common issues uncovered here.

* If the certificate is generated by the server, you may try redownloading the
server's certificate. By default, the certificate is stored in the following
location on the host where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\svucich\chef-repo-sv.local\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

Connecting to host chef.sv.local:443
Successfully verified certificates from `chef.sv.local'
```
So I am a little confused about why, when I run a bootstrap to a Windows machine, I get the following error, which prevents the bootstrap.
```
================================================================================
Chef encountered an error attempting to load the node data for "windows-node4.sv.local"
================================================================================

Unexpected Error:
-----------------
OpenSSL::SSL::SSLError: SSL Error connecting to https://chef.sv.local/organizations/bravura/nodes/windows-node4.sv.local - SSL_connect returned=1 errno=0 state=error: certificate verify failed

Platform:
---------
x64-mingw32

[2017-02-01T14:42:07+13:00] ERROR: Running exception handlers
[2017-02-01T14:42:07+13:00] ERROR: Exception handlers complete
[2017-02-01T14:42:07+13:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
[2017-02-01T14:42:07+13:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2017-02-01T14:42:07+13:00] FATAL: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef.sv.local/organizations/bravura/nodes/windows-node4.sv.local - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Failed to execute command on node4.sv.local return code 1
```
So, I understand that the error is saying I have an SSL cert issue, but this is contrary to what I am seeing in the web browser. I would appreciate some assistance as this is the last hurdle before I can really get this working within our environment…