I did resolve this issue by setting the SSL_CERT_FILE env variable
pointing to a file with our internal CA certs before running knife
As far as I can tell, this location is for ruby libs, not openssl on
itself and that’s why it dies.
I could worth a pull request on knife/chef code, unsure about which
Le 2014-10-30 20:09, Dwayne Forehand a écrit :
I’ve been trying to solve the same problem with knife winrm over ssl for a couple days. Did you get it figured out?
When I knife winrm to my node I get “Error 20 - unable to get local issuer certificate”. I added our CA to /embedded/ssl/certs/cacert.pem and tried again. Same. I tried openssl s_client -showcerts against the domain and got error 20 as expected. Then I tried another openssl s_client -showcerts but specified the CAfile as /embedded/ssl/certs/cacert.pem. Success, returned ok.
When knife winrm calls openssl is it not passing along the location of /embedded/ssl/certs/cacert.pem?
Using ChefDK 0.3.2 on win server 2012 r2.
On Thu, Aug 14, 2014 at 5:09 AM, firstname.lastname@example.org wrote:
Trying to get knife winrm working with SSL enabled. Keep getting error with
winrm validating the servers WinRM certificate. Error: unable to get local
I am relativly sure i need to provide a certificate chain but attempts at
providing ca-trust-file have faild. Can anyone provide link to documentation
on how format and content needed for this file.
“And let us consider how to stir up one another to love and good works . . .” - Hebrews 10:24