I’m having some problems getting knife-windows and winrm to work over ssl. I’m using certificates from an internal PKI (ADCS). I’ve appended the public key of the root and issuing certs to cacert.pem (on my workstation), but:
knife winrm -m <fqdn> "ipconfig /all" -t ssl -x $username -P $password -f .\<fqdn>.crt
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use `knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
The above works with :verify_none.
knife ssl check https://<fqdn>:5986
Connecting to host <fqdn>:5986
Successfully verified certificates from `<fqdn>'

[bool](Test-WSMan <fqdn> -UseSSL)
True
Suggestions? How do I make knife trust my ADCS PKI?