Knife-ec2 / Excon ssl verification error

Has anyone gotten this error running knife-ec2 commands with excon 0.39.6
(latest ChefDK) on OS X 10.9.5?

ERROR: Excon::Errors::SocketError: Unable to verify certificate, please set
Excon.defaults[:ssl_ca_path] = path_to_certs, ENV['SSL_CERT_DIR'] = path_to_certs, Excon.defaults[:ssl_ca_file] = path_to_file,
ENV['SSL_CERT_FILE'] = path_to_file or Excon.defaults[:ssl_verify_peer] = false (less secure).

Adding Excon.defaults[:ssl_verify_peer] = false to my knife.rb makes it
work, but doesn’t give me a warm and fuzzy feeling. Any help would be
greatly appreciated!

On Friday, October 3, 2014 at 6:33 AM, Gabriel Rosendorf wrote:

> Has anyone gotten this error running knife-ec2 commands with excon 0.39.6 (latest ChefDK) on OS X 10.9.5?
>
> ERROR: Excon::Errors::SocketError: Unable to verify certificate, please set Excon.defaults[:ssl_ca_path] = path_to_certs, ENV['SSL_CERT_DIR'] = path_to_certs, Excon.defaults[:ssl_ca_file] = path_to_file, ENV['SSL_CERT_FILE'] = path_to_file or Excon.defaults[:ssl_verify_peer] = false (less secure).
>
> Adding Excon.defaults[:ssl_verify_peer] = false to my knife.rb makes it work, but doesn't give me a warm and fuzzy feeling. Any help would be greatly appreciated!

I don’t know how excon configures things, but you should have a file /opt/chefdk/embedded/ssl/certs/cacert.pem which is the CA certificate and should be baked in to OpenSSL. Do other SSL connections work, e.g., if you set ssl_verify_mode :verify_peer in your knife.rb, does knife connect to a chef-server over SSL properly?

--
Daniel DeLeo
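
Added example, not part of the thread and not Chef or Excon project code: one way to keep peer verification on in knife.rb by pointing Excon at a CA bundle that actually parses, instead of setting ssl_verify_peer to false. The helper names (usable_cert_count, pick_ca_bundle, excon_ssl_settings) are hypothetical; the ChefDK path is the one named in the reply above, and the candidate order is an assumption.

```ruby
require 'openssl'

# CA bundle path named in the reply above (ChefDK's embedded OpenSSL).
CHEFDK_CA_BUNDLE = '/opt/chefdk/embedded/ssl/certs/cacert.pem'

# Count the PEM certificates in a file that OpenSSL can actually parse.
# A missing, unreadable, empty or corrupt bundle yields 0.
def usable_cert_count(path)
  return 0 unless path && File.file?(path) && File.readable?(path)
  pem_blocks = File.read(path).scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  pem_blocks.count do |pem|
    begin
      OpenSSL::X509::Certificate.new(pem)
      true
    rescue OpenSSL::X509::CertificateError
      false
    end
  end
end

# Hypothetical helper: first candidate holding at least one parseable certificate.
# Default order (an assumption): SSL_CERT_FILE, the ChefDK bundle, OpenSSL's default.
def pick_ca_bundle(candidates = [ENV['SSL_CERT_FILE'], CHEFDK_CA_BUNDLE,
                                 OpenSSL::X509::DEFAULT_CERT_FILE])
  candidates.compact.find { |path| usable_cert_count(path) > 0 }
end

# Settings for Excon.defaults: verification stays on, only the trust store is named.
# Fails loudly when no bundle is usable rather than falling back to no verification.
def excon_ssl_settings(candidates = nil)
  bundle = candidates ? pick_ca_bundle(candidates) : pick_ca_bundle
  raise 'no usable CA bundle found; refusing to disable verification' unless bundle
  { ssl_verify_peer: true, ssl_ca_file: bundle }
end

# In knife.rb: apply the settings through the same Excon.defaults keys the error
# message lists. The guard only lets this file load where Excon is not present.
if defined?(Excon)
  excon_ssl_settings.each { |key, value| Excon.defaults[key] = value }
end
```

If excon_ssl_settings raises, the bundle itself is missing or damaged, which is the condition to fix before any knife-ec2 call is trusted.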