How to register new chef client


I had a requirement where I need to register my node with chef server without bootstrap. In old version of chef I used to copy and paste the validation.pem file in /etc/chef/ folder and used to run chef-client command which registers itself to chef-server. But in new version there is no validation.pem. So is there any alternative for this?


I have not tried this recently, but this was my process for building a base OS image that could I could self register to the chef server.

  1. Build base OS image
  2. Install Chef client:
    a. As root : curl -L | bash
    b. Create directory /etc/chef , and /etc/chef/trusted_certs
    c. Create file : /etc/client.rb
    chef_server_url ""
    validation_client_name "my-org-validator"
    validation_key “/etc/chef/my-org-validator.pem”

trusted_certs_dir "/etc/chef/trusted_certs"
3. Copy validator certificate (my-org-validator.pem) to image. Make sure location is correct in client.rb file.
4. Copy server certificates from Chef Server to /etc/chef/trusted_certs
a. For hosted chef server, this would be:
i. DigiCert_SHA2_Secure_Server_CA.crt
ii. wildcard_opscode_com.crt

Registration with Chef Server.
After deployment, a new instance can be registered with the Chef Server in a couple of ways.

  1. Execute “chef-client” with no parameters.
  2. Execute “chef-client –r list of roles/recipes
    a. For example : chef-client –r recipe[mypgsql::default], role[mylinux]

Hope it helps.


Hello dpeaslee, Thanks for the response. But my concern is about to register client without validation.pem as we don’t get validation.pem for new Chef servers.