SSL validation failed during Windows bootstrap?


#1

ERROR: SSL Validation failure connecting to host: cherserver.domain.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.

Server: v12.0.x
Client: v12.0.3

Is this the solution?

Chris


#2

On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:

ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.

Server: v12.0.x
Client: v12.0.3

Is this the solution?
https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/

Chris

From your post it appears you did the right thing, but you’re running into this issue: https://github.com/opscode/knife-windows/issues/133 tl;dr, knife-windows does not transfer trusted certificates the same as vanilla knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.


Daniel DeLeo


#3

Thank you, but this kinda sucks though since it’s a showstopper for us. Is the (only?) workaround to disable SSL certificate verification for now on the Chef 12 server?

(Rant: With all the mantra on performing unit and integration tests, how can something as fundamental as knife-windows not be tested?)

Chris

-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel DeLeo
Sent: Wednesday, January 14, 2015 9:00 PM
To: chef@lists.opscode.com
Subject: [chef] Re: SSL validation failed during Windows bootstrap?

On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:

ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.

Server: v12.0.x
Client: v12.0.3

Is this the solution?
https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/

Chris

From your post it appears you did the right thing, but you’re running into this issue: https://github.com/opscode/knife-windows/issues/133 tl;dr, knife-windows does not transfer trusted certificates the same as vanilla knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.


Daniel DeLeo