We’re just starting out using Chef for Windows, which has been interesting, as
I had v. little Windows experience before embarking on this project
We’ve run into a Knife Windows issue; this is not improper behaviour as such,
though, hence my writing to the list to have others’ opinions.
By policy, we only bootstrap nodes using Omnibus packages previously copied to
an internal repo. The relevant line in our custom bootstrap template looks like
cscript /nologo C:\chef\wget.vbs
By default, this doesn’t work, because our.msi.repo has a self-signed
certificate. So we patch windows_bootstrap_context.rb, where win_wget is
defined, making sure the XMLHTTP object has the proper option set to ignore the
exception caused by the self-signed cert:
objXMLHTTP.setOption 2, SXH_SERVER_CERT_IGNORE_UNKNOWN_CA
From our perspective, it would be nice if Knife Windows had an option to
ignore errors caused by self-signed certificates when bootstrapping Are we
alone in this?