I am setting up a chef server for a project in AWS, and I am trying to find the best way to make the server and client happy wrt the ssl settings. I want to do the following.
Create a chef server with a private IP address and a public (elastic) IP address.
I want to use chef01.some.dom.com as the DNS/hostname for the private IP address, and I want to use chef01-eip.some.dom.com as the DNS for the public IP address, AND I want to create a CNAME of just chef.some.dom.com which I will use as the name of the chef server in the client.rb files.

When I do that, the ssl checking fails. The name of the server in client.rb (chef.some.dom.com) does not match the name on the certificate, which was generated with the machine's hostname, chef01.some.dom.com. I try to outsmart the "chef-server-ctl reconfigure" command by temporarily changing the host name to my CNAME (chef.some.dom.com). Well, chef-server-ctl is too clever for me. It does a DNS lookup and finds the actual name associated with the address so it now generates a certificate with name chef01-eip.some.dom.com.
What should I be doing? I am perfectly happy with the self-generated certificate. On a related note, will I also have to copy that cert to the trusted_certs/ directory on all the clients?

--
Stephen Corbesero, DevOps Engineer
Synchronoss - Mobile Innovation for a Connected World | www.synchronoss.com
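
The name mismatch described in the message above can be reproduced and checked offline with openssl. This is an added example, not part of the original post: it builds one self-signed certificate that carries only the reverse-lookup name and one whose subjectAltName lists all three names from the post, then tests each name against both. It assumes OpenSSL 1.1.1 or later and uses throwaway temporary paths.

```shell
#!/usr/bin/env bash
# Added example. Hostnames are the ones from the post; paths are temporary.
set -eu

# san_list NAME... -> "DNS:a,DNS:b,..." for the subjectAltName extension.
san_list() {
  local out="" n
  for n in "$@"; do out="${out:+$out,}DNS:$n"; done
  printf '%s' "$out"
}

# make_cert DIR CN NAME... : self-signed key and cert covering every NAME.
make_cert() {
  local dir=$1 cn=$2; shift 2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$cn" -addext "subjectAltName=$(san_list "$@")" \
    -keyout "$dir/chef.key" -out "$dir/chef.crt" 2>/dev/null
}

# cert_matches CERT HOST : true only if the cert is valid for HOST.
cert_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# report CERT HOST... : print one line per name a client might be given.
report() {
  local crt=$1 h; shift
  for h in "$@"; do
    if cert_matches "$crt" "$h"; then echo "ok       $h"; else echo "MISMATCH $h"; fi
  done
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/single" "$work/multi"

# Case from the post: the cert carries only the reverse-lookup name.
make_cert "$work/single" chef01-eip.some.dom.com chef01-eip.some.dom.com
report "$work/single/chef.crt" \
  chef.some.dom.com chef01.some.dom.com chef01-eip.some.dom.com

# Same procedure, but the SAN lists the CNAME and both host names.
make_cert "$work/multi" chef.some.dom.com \
  chef.some.dom.com chef01.some.dom.com chef01-eip.some.dom.com
report "$work/multi/chef.crt" \
  chef.some.dom.com chef01.some.dom.com chef01-eip.some.dom.com
```

The first report shows a mismatch for every name except chef01-eip.some.dom.com, because a TLS client compares the certificate against the name it was configured with, not against what the CNAME resolves to.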