[chef] Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test


  • From: Dmitrii Golub
  • Subject: [chef] Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test
  • Date: Fri, 28 Jun 2013 13:46:09 +0400

Really there are no certificates installed


:~$ openssl s_client -connect ip-10-0-1-86:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


Nginx config uses two:
ssl_certificate /var/opt/chef-server/nginx/ca/ip-10-0-1-86.crt;
ssl_certificate_key /var/opt/chef-server/nginx/ca/ip-10-0-1-86.key;

I am not good with certificates, really. As I understand it, openssl can't find the peer certificate. Where is it located, and how do I make Linux use it by default? Moreover, other clients should use that custom certificate. Right?

Things become hard

On Jun 27, 2013, at 9:41 PM, Daniel Condomitti wrote:

Try `openssl s_client -connect ip-10-0-1-86:443` and `curl http://ip-10-0-1-86:443/clients` to see if it's actually just serving HTTP (non-TLS/SSL traffic) on port 443.

On Thursday, June 27, 2013 at 12:49 AM, Dmitrii Golub wrote:

Hello

After a successful chef installation on AWS Ubuntu 12.04 (default instance), chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
When I run 
sudo chef-server-ctl test

I receive the error <Errno::ECONNRESET: Connection reset by peer - SSL_connect> (full error listing: https://gist.github.com/Houdini/5868356)
I noticed that the error is in file 
/opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
I added puts there, and the url is "https://ip-10-0-1-86/clients", which actually is localhost.

And really:
curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443

Any ideas how to fix it?

Thanks
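
Added example (not part of the original thread, and not Chef or OpenSSL code): a small Python parser for the `openssl s_client` transcript posted above that reports how far the handshake got before the connection ended. The function names and diagnosis labels are made up for this illustration; 104 is ECONNRESET on Linux.

```python
import re

LINUX_ECONNRESET = 104  # the value s_client printed as "write:errno=104"

# s_client transcript copied from the message above (abridged)
SAMPLE = """\
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
"""

def parse_s_client(text):
    """Pull out the fields that show how far the handshake got."""
    io = re.search(r"SSL handshake has read (\d+) bytes and written (\d+) bytes", text)
    err = re.search(r"^(?:read|write):errno=(\d+)", text, re.M)
    cipher = re.search(r"Cipher is (\S+)", text)
    return {
        "tcp_connected": "CONNECTED(" in text,
        "bytes_read": int(io.group(1)) if io else None,
        "bytes_written": int(io.group(2)) if io else None,
        "errno": int(err.group(1)) if err else None,
        "peer_cert": "Server certificate" in text,
        "cipher": cipher.group(1) if cipher else None,
    }

def diagnose(text):
    """Return a hypothetical label for the stage at which the connection stopped."""
    f = parse_s_client(text)
    if not f["tcp_connected"]:
        return "tcp-failed"              # nothing is listening or a filter is in the way
    if f["bytes_read"] == 0:
        # The server sent no ServerHello and no certificate, so certificate
        # verification on the client never ran; look at the listener side.
        if f["errno"] == LINUX_ECONNRESET:
            return "reset-before-server-hello"
        return "no-handshake-reply"
    if not f["peer_cert"] or f["cipher"] in (None, "(NONE)"):
        return "handshake-incomplete"    # some reply arrived, negotiation did not finish
    return "handshake-ok"

if __name__ == "__main__":
    print(parse_s_client(SAMPLE))
    print(diagnose(SAMPLE))
```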




