[SSL Error connecting to https://supermarket.chef.io/universe...certificate verify failed] on default-centos-72


#1

I am making my way through the Chef tutorials using a workstation in my company network. We have a firewall that does MITM for all SSL traffic; this gives Chef, Vagrant, and many other tools heartburn when verifying certificates.

At this point, I am stuck on the “kitchen converge” command in this tutorial: https://learn.chef.io/modules/local-development/rhel/virtualbox/apply-a-cookbook#/
The command fails to verify the certificate when connecting to https://supermarket.chef.io/ (I suspect because our company firewall is basically doing a man in the middle attack).

Initially I encountered similar errors when Vagrant was attempting to download the box, but I was able to work around that by telling Vagrant to skip overlook cert verification failures (details below of that work-around bleow).

How can I configure kitchen (or whatever tool in the Chef toolkit being used) to ignore certificate verification errors when downloading from the supermarket?
I even tried editing the Berksfile so the “source” is pointing to unencrypted http URL - still no luck. At some point something it being stubborn and still attempting to use https.

Side note:

To get Vagrant/Kitchen to work despite our company firewall, I created a Vagrantfile.rb in my working directory:
Vagrant.configure(“2”) do |config|
config.vm.box_download_insecure = true
end

I then modified the kitchen.yml file to include that Vagrant file.
driver:
name: vagrant
vagrantfiles:
- Vagrantfile.rb


#2

This article did the trick: https://getchef.zendesk.com/hc/en-us/articles/204831396-How-to-make-ChefDK-tools-trust-untrusted-SSL-certificates