How to solve SSL certificate issue?


#1

I have the following configurations performed on my machines:

For workstation
Installed chefdk 0.17, created a cookbook
For chef server
Installed chefserver v12.8, configured it, created user as well as org
When I tried to run my runlist from my workstation on the node, the following is the error,

Here, I have fetched the ssl certificate and also checked,

    PS C:\Users\e-abhayag\chef-starter\chef-repo> knife ssl check
    Connecting to host EVALCHEFLIN01:443
    Successfully verified certificates from `EVALCHEFLIN01'

What could the problem be?

Whereas if I edit the client.rb with ssl_verify_mode :verify_none, it's working fine.


#2

Hi abhaya,

Just a quick test. Have you tried to reach your chef server in SSL via the browser?
Is the certificate showing okay when browsing?

FYI: In windows I had to export it as a .crt and put it in the trusted_certs folder.

Hope this helps


#3

The self-signed certificate for the chef server is really a pain usually.

The problem is that knife ssl check checks against your workstation configuration, not the node config.

I can't guess how you installed chef on the machine with IP 10.11.60.42 but I assume it didn't get the chef server certificate in its trusted_cert directory. And even if it's there, some libs don't take the trusted_cert dir into account. You'll have to add the certificate into the cacert.pem of the node's chef install (and maybe set a SSL_CERT_FILE export if you use some gems with other libraries).

A more detailed “how to” I did on stack overflow is here, adapt the path.

OpenSSL is bundled in the chef install, so adapting the path should do (replace /opt/opscode/chef with your chef installation path).
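
The situation described in reply #3, as an added example that is not part of the original thread: the same self-signed certificate verifies or fails depending on which CA bundle is consulted, and appending it to the bundle (without duplicating it on a re-run) makes verification pass. The function names are hypothetical, the certificate is a constructed sample, and the temporary files stand in for the workstation's trust store and the node's cacert.pem.

```ruby
require 'openssl'
require 'tempfile'

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Parse every certificate in a PEM bundle (stand-in for the node's cacert.pem).
def bundle_certs(bundle_path)
  File.read(bundle_path).scan(PEM_BLOCK).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Append the certificate unless the bundle already holds it; true if written.
def trust_in_bundle(cert, bundle_path)
  return false if bundle_certs(bundle_path).any? { |c| c.to_der == cert.to_der }
  File.open(bundle_path, 'a') { |f| f.write("\n#{cert.to_pem}") }
  true
end

# Verify against only the certificates in this one bundle, nothing else.
def verifies_with_bundle?(cert, bundle_path)
  store = OpenSSL::X509::Store.new
  bundle_certs(bundle_path).each { |c| store.add_cert(c) }
  store.verify(cert)
end

# Constructed sample: a throwaway self-signed certificate, not a real server's.
def sample_self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_self_signed_cert('chef.example.test')
  workstation = Tempfile.new('workstation-bundle').tap(&:close)
  node = Tempfile.new('node-bundle').tap(&:close)
  trust_in_bundle(cert, workstation.path) # the workstation already trusts it
  puts "workstation: #{verifies_with_bundle?(cert, workstation.path)}"
  puts "node before: #{verifies_with_bundle?(cert, node.path)}"
  trust_in_bundle(cert, node.path)
  puts "node after:  #{verifies_with_bundle?(cert, node.path)}"
end
```

Keeping verification on and adding the one certificate to the node's bundle trusts that server only, whereas ssl_verify_mode :verify_none accepts any certificate.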