[chef] Re: Re: knife ec2 problem on windows: Unable to verify certificate


  • From: Jeppe Nejsum Madsen
  • Subject: [chef] Re: Re: knife ec2 problem on windows: Unable to verify certificate
  • Date: Tue, 10 Jun 2014 23:10:12 +0200

Hi,

Yes, setting the SSL_CERT_FILE manually solves the problem, but I would rather avoid adding this if possible.

I'm wondering though, why it doesn't find the file automatically, as that seems to be the purpose of the code?

We're using the omnibus installer (just upgraded to 11.12.8), but also bundler for the various knife plugins. Is this mix causing a problem?

/Jeppe


On Tue, Jun 10, 2014 at 5:42 PM, Daniel DeLeo wrote:


On Tuesday, June 10, 2014 at 7:16 AM, Jeppe Nejsum Madsen wrote:

> Ohai,
>
> We've been using our own version of the knife-ec2 plugin since some features were missing. We've just upgraded to the official version and this brings in excon 0.31 which results in the following error:
>
>
> C:\chef>bundle exec knife ec2 server list
> ←[33m[fog][WARNING] Unable to load the 'unf' gem. Your AWS strings may not be properly encoded.←[0m
> ERROR: Excon::Errors::SocketError: Unable to verify certificate, please set `Excon.defaults[:ssl_ca_path] = path_to_certs`, `ENV['SSL_CERT_DIR'] = path_to_certs`, `Excon.defaults[:ssl_ca_file] = path_to_file`, `ENV['SSL_CERT_FILE'] = path_to_file` or `Excon.defaults[:ssl_verify_peer] = false` (less secure).
>
>
> We used to pin excon to 0.24, but the latest knife-ec2 requires 0.31. We're using chef 11.12.4.
>
> Any hints (besides disabling verification which is not an option :-)
>
> /Jeppe

The omnibus package includes a certificate bundle in embedded/ssl/certs/cacert.pem which chef sets to the config value `ssl_ca_file` https://github.com/opscode/chef/blob/master/lib/chef/config.rb#L373

Something like this in your knife.rb should work:

ENV['SSL_CERT_FILE'] = ssl_ca_file

HTH,

--
Daniel DeLeo
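
One way to investigate why the CA bundle is not picked up automatically, while keeping peer verification on, is to list the locations Ruby's OpenSSL would consult and check which ones hold parseable certificates. This is an added example, not part of the original messages or of Chef's code; the function names are hypothetical and the omnibus root `C:/opscode/chef` is an assumption to adjust to your install.

```ruby
require 'openssl'

# Candidate CA bundle locations, in the order checked here.
# omnibus_root is an assumption; the relative bundle path is from the thread.
def ca_bundle_candidates(env = ENV, omnibus_root = 'C:/opscode/chef')
  [
    ['ENV SSL_CERT_FILE', env['SSL_CERT_FILE']],
    ['OpenSSL default', OpenSSL::X509::DEFAULT_CERT_FILE],
    ['omnibus bundle', File.join(omnibus_root, 'embedded/ssl/certs/cacert.pem')]
  ]
end

# Count the certificates in a PEM bundle that OpenSSL can actually parse.
# A missing, empty or corrupt file yields 0, which is what makes
# verification fail with "Unable to verify certificate".
def usable_cert_count(path)
  return 0 if path.nil? || path.empty? || !File.file?(path)
  blocks = File.read(path)
               .scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  blocks.count do |pem|
    begin
      OpenSSL::X509::Certificate.new(pem)
      true
    rescue OpenSSL::OpenSSLError
      false
    end
  end
end

# First [label, path] pair whose file holds at least one valid certificate,
# or nil when none of the candidates is usable.
def first_usable_bundle(candidates)
  candidates.find { |_label, path| usable_cert_count(path) > 0 }
end

if __FILE__ == $PROGRAM_NAME
  ca_bundle_candidates.each do |label, path|
    puts format('%-18s %-60s certs=%d', label, path.inspect, usable_cert_count(path))
  end
  hit = first_usable_bundle(ca_bundle_candidates)
  puts hit ? "Usable bundle: #{hit[1]}" : 'No usable CA bundle found'
end
```

Run it with the same Ruby that runs knife (for example via `bundle exec ruby`), since a bundler-managed Ruby and the omnibus Ruby can report different default certificate files.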






