Private GitHub Enterprise integration with Chef Automate


#1

Hi,
I am trying to set up integration between our private GitHub Enterprise and Chef Automate using the directions at https://docs.chef.io/integrate_delivery_github.html
But after following:

Create or update the generated CA certificate bundle files located in the /etc/pki/ca-trust/extracted directory hierarchy.

#update-ca-trust extract

When I go to the UI and click on Save, I get the error log:

tail -f /var/log/delivery/delivery/current

2018-06-24_16:33:35.28761 16:33:35.284 [error] SSL: certify: ssl_handshake.erl:1490:Fatal error: unknown ca
2018-06-24_16:33:35.29007 16:33:35.284 [error] Network error when sending a get request to https://git.mycompany.com:443/api/v3/: {conn_failed,{error,{tls_alert,"unknown ca"}}}

So the certs are indeed self-signed certs within our organization, as we are required to do so.

The same configuration works fine with public GitHub, and I don't have to import any certs.

When I issue the command:
#openssl s_client -showcerts -connect git.mycompany.com:443

I get the error:
verify error:num=20:unable to get local issuer certificate
Verify return code: 21 (unable to verify the first certificate)

and:
Certificate chain
0 s:/C=US/O=X.X.X.X/OU=My OU Security/OU=mycompany/OU=Devices/CN=git.mycompany.com
i:/C=US/O=y,y,y,y/OU=x.x.x.x.x/OU=Certification Authorities/OU=ABC CA4

I have tried all variations for the bundle, but simply could not get this to work. I would appreciate any help.
Thanks,


#2

I was able to resolve this by adding the bundle in a separate file and running $update-ca-trust extract
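
The verify failure from post #1 and the bundle fix from post #2, reproduced offline as an added example (not code from this thread or from Chef's documentation): it builds a throwaway root CA, issuing CA and server certificate, then checks the server certificate against an incomplete and a complete CA bundle. The two-level hierarchy, the names `git.example.internal`, `Constructed Root CA` and `Constructed Issuing CA`, and the helpers `issue` and `bundle_trusts` are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example: every name, key and file below is constructed for the demo.
set -eu
work=$(mktemp -d)
cd "$work"

# Extension files: CA certificates must carry CA:TRUE, the server cert must not.
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:git.example.internal\n' > leaf.ext

# issue <name> <CN> <signer name | self> <extension file>  (hypothetical helper)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$4" -days 2 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
      -extfile "$4" -days 2 -out "$1.pem" 2>/dev/null
  fi
}

issue root    "Constructed Root CA"    self    ca.ext
issue issuing "Constructed Issuing CA" root    ca.ext
issue leaf    "git.example.internal"   issuing leaf.ext

# bundle_trusts <CA bundle> <certificate>: prints openssl's verdict and
# succeeds only when the certificate chains to the bundle.
bundle_trusts() {
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  printf '%s\n' "$out"
  case "$out" in *": OK") return 0 ;; *) return 1 ;; esac
}

# Incomplete bundle: the root alone, so the server certificate's issuer cannot
# be found (the same class of error as "unable to get local issuer certificate").
if bundle_trusts root.pem leaf.pem; then echo "root only: trusted"
else echo "root only: NOT trusted"; fi

# Complete bundle: issuing CA plus root concatenated into one PEM file.
cat issuing.pem root.pem > bundle.pem
if bundle_trusts bundle.pem leaf.pem; then echo "full chain: trusted"
else echo "full chain: NOT trusted"; fi
```

The same `openssl verify -CAfile` check can be pointed at the real bundle file and a saved copy of the server certificate to confirm the bundle is complete before running update-ca-trust extract.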