Thank you, but this kinda sucks though since it’s a showstopper for us. Is the (only?) workaround to disable SSL certificate verification for now on the Chef 12 server?
(Rant: With all the mantra on performing unit and integration tests, how can something as fundamental as knife-windows not be tested?)
From: Daniel DeLeo [mailto:firstname.lastname@example.org] On Behalf Of Daniel DeLeo
Sent: Wednesday, January 14, 2015 9:00 PM
Subject: [chef] Re: SSL validation failed during Windows bootstrap?
On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:
ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.
Is this the solution?
From your post it appears you did the right thing, but you’re running into this issue: https://github.com/opscode/knife-windows/issues/133 tl;dr, knife-windows does not transfer trusted certificates the same as vanilla
knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.