Trying to do an unattended Windows bootstrap in EC2 and having some problems (I’m able to add nodes via the WinRM method). I’m trying to manually run it to troubleshoot and getting this SSL error (this is not the “SSL_connect returned=1 errno=0 state=SSLv3” error).
C:\Users\Administrator\Desktop>C:\opscode\chef\bin\chef-client -j c:\chef\bootstrap\initial.json --environment _default
Starting Chef Client, version 12.8.1
[2016-03-24T14:42:03+00:00] INFO: *** Chef 12.8.1 ***
[2016-03-24T14:42:03+00:00] INFO: Chef-client pid: 1436
Creating a new client identity for WIN-T4F96FJBH2G.ec2.internal using the validator key.
[2016-03-24T14:42:06+00:00] INFO: Client key C:\chef\client.pem is not present - registering
[2016-03-24T14:42:06+00:00] ERROR: SSL Validation failure connecting to host: .com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
In my process, I’m downloading the client.rb and validation key (“org”-validator.pem) from S3 to c:\chef, and initial.json to c:\chef\bootstrap\ before running chef-client -j.
This is a DEV environment and the Chef server is using a self-signed key.
I’ve read through https://docs.chef.io/chef_client_security.html but am still having problems: “However, during the first chef-client run, this private key does not exist. Instead, the chef-client will attempt to use the private key assigned to the chef-validator, located in /etc/chef/validation.pem”
Is validation.pem the same thing as “org”-validator.pem? I don’t have a “validation.pem” file. If I need it, where do I get it?
What am I missing here? Thanks a lot.