ERROR: SSL Validation failure connecting to host: cherserver.domain.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.
Server: v12.0.x
Client: v12.0.3
Is this the solution?
Chris
On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:
ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.
Server: v12.0.x
Client: v12.0.3Is this the solution?
Chef 12: Fix Untrusted Self Signed Certificates - Chef Blog | ChefChris
From your post it appears you did the right thing, but you’re running into this issue: bootstrap's creation of client.rb should mimic chef gem's code · Issue #133 · chef/knife-windows · GitHub tl;dr, knife-windows does not transfer trusted certificates the same as vanilla knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.
--
Daniel DeLeo
Thank you, but this kinda sucks though since it's a showstopper for us. Is the (only?) workaround to disable SSL certificate verification for now on the Chef 12 server?
(Rant: With all the mantra on performing unit and integration tests, how can something as fundamental as knife-windows not be tested?)
Chris
-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel DeLeo
Sent: Wednesday, January 14, 2015 9:00 PM
To: chef@lists.opscode.com
Subject: [chef] Re: SSL validation failed during Windows bootstrap?
On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:
ERROR: SSL Validation failure connecting to host: cherserver.domain.com (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I did a knife ssl fetch on my workstation, and when I bootstrap my Windows node, I get above error.
Server: v12.0.x
Client: v12.0.3Is this the solution?
Chef 12: Fix Untrusted Self Signed Certificates - Chef Blog | ChefChris
From your post it appears you did the right thing, but you’re running into this issue: bootstrap's creation of client.rb should mimic chef gem's code · Issue #133 · chef/knife-windows · GitHub tl;dr, knife-windows does not transfer trusted certificates the same as vanilla knife bootstrap does on *nix. This is fixed in master of knife-windows but I don’t know when the next release will be. I’ll ask someone on that team to chime in here.
--
Daniel DeLeo