Hello,
I am following the tutorials for Windows and trying to figure out how, during bootstrap, I can tell the client to ignore SSL errors during bootstrapping and subsequent operation. Is there an option for the knife command to instruct the client to do that?
Adding --winrm-ssl-verify-mode verify_none
to your bootstrap command should do it.
This did not work. It did not add the Chef server certificate to the trusted certs on the node.
Here is my command and result:
knife bootstrap windows winrm mivcustftp1 --winrm-user username --winrm-ssl-verify-mode verify_none --node-name MIVCUSTFTP1
mivcustftp1 [2016-05-16T13:45:41-07:00] ERROR: SSL Validation failure connecting to host: 172.16.218.75 - hostname "172.16.218.75" does not match the server certificate
mivcustftp1 [2016-05-16T13:45:41-07:00] ERROR: SSL Error connecting to https://172.16.218.75/organizations/chef_dsc/nodes/MIVCUSTFTP1, retry 1/5
mivcustftp1 [2016-05-16T13:45:47-07:00] ERROR: SSL Validation failure connecting to host: 172.16.218.75 - hostname "172.16.218.75" does not match the server certificate
Sorry,
The certificate was added; the issue, as you can see, is that the node does not like the non-matching server name/SSL certificate. The batch file does not seem to honor the parameter supplied to it.
I can see the line below being executed with no ssl_verify_mode passed to it:
chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json
OK, it looks like this is an SSL issue between the node and the Chef server. Adding the parameter I mentioned above is really aimed at SSL between the workstation and the node. You can use --node-ssl-verify-mode none
to disable verification between the node and the Chef server. Note that this is not recommended in production environments.
Yes, it’s for testing purposes. The problem is that I have to log in to each client and modify client.rb to do that, in addition to pushing the client via WinRM.
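The distinction this thread arrives at (the certificate was trusted, yet the name check still failed), as an added example that is not part of the original posts. The certificate is constructed for the example, and the hostname chef.example.test and the helper names make_cert and check are assumptions; only the address 172.16.218.75 comes from the log above.

```ruby
require "openssl"

# Build a self-signed certificate (constructed sample, not the thread's real cert).
# san is a subjectAltName string such as "DNS:chef.example.test".
def make_cert(common_name, san)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Two independent questions a verifying client asks about the server certificate:
#   1. trust:    does it chain to something in the trusted store?
#   2. identity: does it name the host the client was told to connect to?
# Returns [trust_ok, identity_ok] for a connection to `target`.
def check(cert, trusted_certs, target)
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |c| store.add_cert(c) }
  [store.verify(cert), OpenSSL::SSL.verify_certificate_identity(cert, target)]
end

# Certificate issued for a name only (hypothetical hostname).
name_only = make_cert("chef.example.test", "DNS:chef.example.test")
# Certificate that also lists the address the node uses in its server URL.
name_and_ip = make_cert("chef.example.test",
                        "DNS:chef.example.test, IP:172.16.218.75")

# Trusted, but reached by IP: trust passes, identity fails (the logged error).
p check(name_only, [name_only], "172.16.218.75")
# Same certificate reached by the name it was issued for: both pass.
p check(name_only, [name_only], "chef.example.test")
# Reissued with the IP in subjectAltName: connecting by IP passes too.
p check(name_and_ip, [name_and_ip], "172.16.218.75")
# Never added to the trusted certs: identity passes, trust fails.
p check(name_only, [], "chef.example.test")
```

Either pointing the node at the name in the certificate or reissuing the certificate with the address in subjectAltName clears the logged error while verification stays on.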