SSL validation failed during Windows bootstrap?

ERROR: SSL Validation failure connecting to host: cherserver.domain.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get the above error.

Server: v12.0.x
Client: v12.0.3

Is this the solution?

Chris

On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:

ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get the above error.

Server: v12.0.x
Client: v12.0.3

Is this the solution?
Chef 12: Fix Untrusted Self Signed Certificates - Chef Blog | Chef

Chris

From your post it appears you did the right thing, but you’re running into this issue: "bootstrap's creation of client.rb should mimic chef gem's code" (Issue #133, chef/knife-windows, GitHub).

tl;dr, knife-windows does not transfer trusted certificates the same as vanilla knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.

--
Daniel DeLeo

Thank you, but this kinda sucks though since it's a showstopper for us. Is the (only?) workaround to disable SSL certificate verification for now on the Chef 12 server?

(Rant: With all the mantra on performing unit and integration tests, how can something as fundamental as knife-windows not be tested?)

Chris
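Added example, not written by anyone in this thread and not code from Chef or knife-windows: a Ruby sketch of why the node reports "certificate verify failed" when the server's self-signed certificate was not copied into its trusted certificates directory, and why copying the certificate (rather than disabling verification) clears the error. The hostname `chef.example.test`, the file name and the helper names are constructed for illustration, and loading `*.crt`/`*.pem` files from one directory is an assumption about how the trust directory is read.

```ruby
require "openssl"
require "tmpdir"

# Constructed stand-in for the Chef server's self-signed certificate.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Build a trust store from the certificate files in a directory (assumed to be
# how the node's trusted certificates are loaded) and verify the server cert.
# Returns [verified?, OpenSSL's reason string].
def trusted_by_dir?(server_cert, trusted_certs_dir)
  store = OpenSSL::X509::Store.new
  Dir.glob(File.join(trusted_certs_dir, "*.{crt,pem}")).each do |path|
    store.add_cert(OpenSSL::X509::Certificate.new(File.read(path)))
  end
  ok = store.verify(server_cert)
  [ok, store.error_string]
end

def demo
  server = self_signed_cert("chef.example.test")
  Dir.mktmpdir do |dir|
    # Empty directory: the state of a node whose bootstrap did not
    # transfer the certificate fetched on the workstation.
    before = trusted_by_dir?(server, dir)
    # Certificate copied into the directory by hand.
    File.write(File.join(dir, "chef_example_test.crt"), server.to_pem)
    after = trusted_by_dir?(server, dir)
    { before: before, after: after }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Peer verification stays on in both runs; only the contents of the trust directory change.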

-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel DeLeo
Sent: Wednesday, January 14, 2015 9:00 PM
To: chef@lists.opscode.com
Subject: [chef] Re: SSL validation failed during Windows bootstrap?
