I have following configurations performed on my machines
Installed chefdk 0.17, created a cookbook
For chef server
Installed chefserver v12.8,Configured it,created user as well as org
While I tried to run my runlist from my workstation on node following is the error,
Here, I have fetched the ssl certificate and also checked,
PS C:\Users\e-abhayag\chef-starter\chef-repo> knife ssl check
Connecting to host EVALCHEFLIN01:443
Successfully verified certificates from `EVALCHEFLIN01'
What could the problem be?
Whereas if I edit the client.rb with
ssl_verify_mode :verify_none , it's working fine.
Just a quick test. Have you tried to reach your chef server in ssl via the browser ?
Is the certificate showing okay when browsing ?
FYI: In windows I had to export it as a .crt and put it in the trusted_certs folder.
Hope this helps
The self signe certificate for the chef server is really a pain usually.
The problem is that
knife ssl check check against your workstation configuration, not the node config.
I can’t guess how you installed chef ont he machine with IP 10.11.60.42 but I assume it didn’t get the chef server certificate in it’s trusted_cert directory. And even if it’s there, some libs don’t take the trusted_cert dir in account. You’ll have to add the certificate into the cacert.pem of the node’s chef install (and maybe set a SSL_CERT_FILE export if you use some gems with others libraries.
A more detailed “how to” I did on stack overflow is here, adapt the path.
Openssl is bundled in the chef install, so adapting the path should do (replace
/opt/opscode/chef by your chef installation path)