SSL Cert Error


#1

Hi All,

I get the following error when trying to bootstrap a windows machine:

10.44.51.117 C:\Windows\system32>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E _default
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: *** Chef 12.1.2 ***
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: Chef-client pid: 2564
10.44.51.117 [2015-03-25T09:15:03+00:00] INFO: Client key c:/chef/client.pem is not present - registering
10.44.51.117 [2015-03-25T09:15:03+00:00] ERROR: SSL Validation failure connecting to host: myserver.local - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.44.51.117
10.44.51.117 ================================================================================
10.44.51.117 Chef encountered an error attempting to create the client "node3"
10.44.51.117 ================================================================================
10.44.51.117
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: NoMethodError: undefined method `run_id’ for nil:NilClass

If on my chef workstation I run:

Knife ssl check
Connecting to host myserver.local:443
Successfully verified certificates from `myserver.local’

Do I somehow need to send the cert out on the chef-client run somehow so the machine I am bootstrapping can verify the cert?

Cheers,
Simon.


Disclaimer

This message is intended only for the use of the person(s) (“Intended Recipient”) to whom it is addressed. It may contain information which is privileged and confidential. Accordingly any dissemination, distribution, copying or other use of this message or any of its content by any person other than the Intended Recipient may constitute a breach of civil or criminal law and is strictly prohibited. If you are not the Intended Recipient, please contact the sender as soon as possible.

Totaljobs Group Limited Registered Office: Bluefin Building, 110 Southwark Street, London, SE1 0TA, UK Registered in England and Wales under company no. 4269861



#2

Just making sure… which chef server version you are running?

Jayant

On Wed, Mar 25, 2015 at 2:54 PM, Simon Hawkins <
Simon.Hawkins@totaljobsgroup.com> wrote:

Hi All,

I get the following error when trying to bootstrap a windows machine:

10.44.51.117 C:\Windows\system32>chef-client -c c:/chef/client.rb -j
c:/chef/first-boot.json -E _default

10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: *** Chef 12.1.2 ***

10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: Chef-client pid: 2564

10.44.51.117 [2015-03-25T09:15:03+00:00] INFO: Client key
c:/chef/client.pem is not present - registering

10.44.51.117 [2015-03-25T09:15:03+00:00] ERROR: SSL Validation failure
connecting to host: myserver.local - SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed

10.44.51.117

10.44.51.117

10.44.51.117 Chef encountered an error attempting to create the client
"node3"

10.44.51.117

10.44.51.117

10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: Stacktrace dumped to
c:/chef/cache/chef-stacktrace.out

10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: NoMethodError: undefined
method `run_id’ for nil:NilClass

If on my chef workstation I run:

Knife ssl check

Connecting to host myserver.local:443

Successfully verified certificates from `myserver.local’

Do I somehow need to send the cert out on the chef-client run somehow so
the machine I am bootstrapping can verify the cert?

Cheers,

Simon.


Disclaimer

This message is intended only for the use of the person(s) (“Intended
Recipient”) to whom it is addressed. It may contain information which is
privileged and confidential. Accordingly any dissemination, distribution,
copying or other use of this message or any of its content by any person
other than the Intended Recipient may constitute a breach of civil or
criminal law and is strictly prohibited. If you are not the Intended
Recipient, please contact the sender as soon as possible.

Totaljobs Group Limited Registered Office: Bluefin Building, 110 Southwark
Street, London, SE1 0TA, UK Registered in England and Wales under company
no. 4269861


#3

Hi Jayant,

It should be: chef-server-core-12.0.6-1

Cheers,
Simon.
From: Jayant Kaushal [mailto:awaken.rogue@gmail.com]
Sent: 25 March 2015 11:52
To: chef@lists.opscode.com
Subject: [chef] Re: SSL Cert Error

Just making sure… which chef server version you are running?

Jayant

On Wed, Mar 25, 2015 at 2:54 PM, Simon Hawkins <Simon.Hawkins@totaljobsgroup.commailto:Simon.Hawkins@totaljobsgroup.com> wrote:
Hi All,

I get the following error when trying to bootstrap a windows machine:

10.44.51.117 C:\Windows\system32>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E _default
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: *** Chef 12.1.2 ***
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: Chef-client pid: 2564
10.44.51.117 [2015-03-25T09:15:03+00:00] INFO: Client key c:/chef/client.pem is not present - registering
10.44.51.117 [2015-03-25T09:15:03+00:00] ERROR: SSL Validation failure connecting to host: myserver.local - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.44.51.117
10.44.51.117 ================================================================================
10.44.51.117 Chef encountered an error attempting to create the client "node3"
10.44.51.117 ================================================================================
10.44.51.117
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: NoMethodError: undefined method `run_id’ for nil:NilClass

If on my chef workstation I run:

Knife ssl check
Connecting to host myserver.local:443
Successfully verified certificates from `myserver.local’

Do I somehow need to send the cert out on the chef-client run somehow so the machine I am bootstrapping can verify the cert?

Cheers,
Simon.


Disclaimer

This message is intended only for the use of the person(s) (“Intended Recipient”) to whom it is addressed. It may contain information which is privileged and confidential. Accordingly any dissemination, distribution, copying or other use of this message or any of its content by any person other than the Intended Recipient may constitute a breach of civil or criminal law and is strictly prohibited. If you are not the Intended Recipient, please contact the sender as soon as possible.

Totaljobs Group Limited Registered Office: Bluefin Building, 110 Southwark Street, London, SE1 0TA, UK Registered in England and Wales under company no. 4269861



#4

Sorry for the link only answer but it should help you:

Le 2015-03-25 10:24, Simon Hawkins a écrit :

Hi All,

I get the following error when trying to bootstrap a windows machine:

10.44.51.117 C:Windowssystem32>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E _default

10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: *** Chef 12.1.2 ***

10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: Chef-client pid: 2564

10.44.51.117 [2015-03-25T09:15:03+00:00] INFO: Client key c:/chef/client.pem is not present - registering

10.44.51.117 [2015-03-25T09:15:03+00:00] ERROR: SSL Validation failure connecting to host: myserver.local - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

10.44.51.117

10.44.51.117 ================================================================================

10.44.51.117 Chef encountered an error attempting to create the client “node3”

10.44.51.117 ================================================================================

10.44.51.117

10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out

10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: NoMethodError: undefined method `run_id’ for nil:NilClass

If on my chef workstation I run:

Knife ssl check

Connecting to host myserver.local:443

Successfully verified certificates from `myserver.local’

Do I somehow need to send the cert out on the chef-client run somehow so the machine I am bootstrapping can verify the cert?

Cheers,

Simon.


DISCLAIMER

This message is intended only for the use of the person(s) (“Intended Recipient”) to whom it is addressed. It may contain information which is privileged and confidential. Accordingly any dissemination, distribution, copying or other use of this message or any of its content by any person other than the Intended Recipient may constitute a breach of civil or criminal law and is strictly prohibited. If you are not the Intended Recipient, please contact the sender as soon as possible.

Totaljobs Group Limited Registered Office: Bluefin Building, 110 Southwark Street, London, SE1 0TA, UK Registered in England and Wales under company no. 4269861


#5

Another resource that can help in this process is http://jtimberman.housepub.org/blog/2014/12/11/chef-12-fix-untrusted-self-sign-certs/ since Chef 12 now defaults to validating certificates.

Steven Murawski
Community Software Development Engineer @ Chef
Microsoft MVP - PowerShell
http://stevenmurawski.com

On March 25, 2015 at 8:27:01 AM, Tensibai (tensibai@iabis.net) wrote:

Sorry for the link only answer but it should help you:

Le 2015-03-25 10:24, Simon Hawkins a écrit :

Hi All,

I get the following error when trying to bootstrap a windows machine:

10.44.51.117 C:\Windows\system32>chef-client -c c:/chef/client.rb -j c:/chef/first-boot.json -E _default
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: *** Chef 12.1.2 ***
10.44.51.117 [2015-03-25T09:14:28+00:00] INFO: Chef-client pid: 2564
10.44.51.117 [2015-03-25T09:15:03+00:00] INFO: Client key c:/chef/client.pem is not present - registering
10.44.51.117 [2015-03-25T09:15:03+00:00] ERROR: SSL Validation failure connecting to host: myserver.local - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.44.51.117
10.44.51.117 ================================================================================
10.44.51.117 Chef encountered an error attempting to create the client "node3"
10.44.51.117 ================================================================================
10.44.51.117
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
10.44.51.117 [2015-03-25T09:15:03+00:00] FATAL: NoMethodError: undefined method `run_id’ for nil:NilClass

If on my chef workstation I run:

Knife ssl check
Connecting to host myserver.local:443
Successfully verified certificates from `myserver.local’

Do I somehow need to send the cert out on the chef-client run somehow so the machine I am bootstrapping can verify the cert?

Cheers,
Simon.

Disclaimer

This message is intended only for the use of the person(s) (“Intended Recipient”) to whom it is addressed. It may contain information which is privileged and confidential. Accordingly any dissemination, distribution, copying or other use of this message or any of its content by any person other than the Intended Recipient may constitute a breach of civil or criminal law and is strictly prohibited. If you are not the Intended Recipient, please contact the sender as soon as possible.

Totaljobs Group Limited Registered Office: Bluefin Building, 110 Southwark Street, London, SE1 0TA, UK Registered in England and Wales under company no. 4269861