Test Kitchen SSL error during Chef Client install


Since beginning to work with Chef, I have struggled to get Test Kitchen going on my work laptop due to the various network devices I traverse to get to the Internet.
However I am attempting to revisit it once again and hitting a wall. I am trying to go thru the basics of one of the lesson’s on Chef Rally to just try to get something basic stood up.
I was able to get past any SSL related errors associated to Berkshelf, but when I run a kitchen converge, I am getting an SSL error when trying to download/install the Chef Client inside the Kitchen.
-----> Installing Chef Omnibus (install only if missing)
_ There was an error:_
_ Exception calling “DownloadString” with “1” argument(s): “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.”_
_ The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel._
_ The remote certificate is invalid according to the validation procedure._

Here is the current .kitchen.yml I am trying:

name: vagrant
boot_timeout: 1200
gui: false

name: chef_zero

name: inspec

name: winrm
elevated: true
username: Administrator
password: Pass@word1


  • name: windows-2012R2
    memory: 2048


  • name: default
    • recipe[learn_chef_iis::default]
      • test/smoke/default
        ssl_verify_mode: “:verify_none”

What am I missing to get the Chef client install to disable SSL verification when trying to do a Kitchen Converge?



I also struggled to get this working using Vagrant/VBox. I ultimately got it working after many struggles, but can’t recall all of the steps I took to finally get it working. Since you seem to be working on the Windows side, I would strongly encourage leveraging Hyper-V along with the test kitchen driver of the same name. I found this to be much easier to work with than using the Vagrant approach.


This issue has to do with an expired cert/deployment problem on our end and not much to do with kitchen or vagrant. This is currently being investigated.


Is this the issue you eluded too Seth?

This appears to now be resolved if so and I am still having an issue, so I am trying to judge if this is still an issue with my configuration or not.


Yes, that particular issue was a point in time issue - if you need more active assistance I’d suggest joining us in the Community Slack