- From: Daniel DeLeo <
>
- To:
- Subject: [chef] Re: knife ec2 problem on windows: Unable to verify certificate
- Date: Tue, 10 Jun 2014 08:42:48 -0700
On Tuesday, June 10, 2014 at 7:16 AM, Jeppe Nejsum Madsen wrote:
>
Ohai,
>
>
We've been using our own version of the knife-ec2 plugin since some
>
features were missing. We've just upgraded to the official version and this
>
brings in excon 0.31 which results in the following error:
>
>
>
C:\chef>bundle exec knife ec2 server list
>
←[33m[fog][WARNING] Unable to load the 'unf' gem. Your AWS strings may not
>
be properly encoded.←[0m
>
ERROR: Excon::Errors::SocketError: Unable to verify certificate, please set
>
`Excon.defaults[:ssl_ca_path] = path_to_certs`, `ENV['SSL_CERT_DIR'] =
>
path_to_certs`, `Excon.defaults[:ssl_ca_file] = path_to_file`,
>
`ENV['SSL_CERT_FILE'] = path_to_file` or `Excon.defaults[:ssl_verify_peer]
>
= false` (less secure).
>
>
>
We used to pin excon to 0.24, but the latest knife-ec2 requires 0.31. We're
>
using chef 11.12.4.
>
>
Any hints (besides disabling verification which is not an option :-)
>
>
/Jeppe
The omnibus package includes a certificate bundle in
embedded/ssl/certs/cacert.pem which chef sets to the config value
`ssl_ca_file`
https://github.com/opscode/chef/blob/master/lib/chef/config.rb#L373
Something like this in your knife.rb should work:
ENV['SSL_CERT_FILE'] = ssl_ca_file
HTH,
--
Daniel DeLeo
Archive powered by MHonArc 2.6.16.