[chef] Re: Re: Re: Validation keys at Chef server


  • From: DV
  • Subject: [chef] Re: Re: Re: Validation keys at Chef server
  • Date: Mon, 4 Aug 2014 14:40:29 -0700

Well, our Chef server was set up using the standard Chef rpm and it comes with validator and webui keys stored in /etc/chef-server, how about that?

> rpm -qa|grep chef
chef-server-11.0.11-1.el6.x86_64

> ll /etc/chef-server/
total 28
-rw------- 1 root        root        1679 Apr  3 14:22 admin.pem
-rw-r--r-- 1 root        root          42 Apr  5 18:10 chef-server.rb
-rw------- 1 chef_server root        7773 Apr  5 18:22 chef-server-running.json
-rw------- 1 root        root         765 Apr 11 14:11 chef-server-secrets.json
-rw------- 1 root        root        1679 Apr  3 14:22 chef-validator.pem
-rw-r----- 1 root        chef_server 1679 Apr  3 14:22 chef-webui.pem


On Mon, Aug 4, 2014 at 2:11 AM, Steven Danna wrote:
Hi,

On Sun, Aug 3, 2014 at 3:33 PM, Arnold Krille wrote:

> I think the main reason Chef-Server can't give you the validation-key
> is that it doesn't store the private keys of users, machines or
> validators. And if it did, there would be several people filing urgent
> security reports against it...

This is correct.  The server does not store the private key and thus
there is no way to redownload the private key for an existing client
from the Chef server without resetting the keys.

Cheers,

Steven



--
Best regards, Dmitriy V.
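
Added example, not part of the original message and not Chef's own code: a shell audit of the *.pem files in a key directory such as the /etc/chef-server listing above. It reports which files hold private key material and flags for review any private key with group or other permission bits set, as chef-webui.pem (0640) has in that listing. The function names, the demo file client-pub.pem and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit *.pem files in a key directory. Names are hypothetical;
# this is not part of Chef. Run as root so that 0600 root-owned files are readable.

# pem_kind FILE -> "private", "public" or "other", judged by the PEM header line.
pem_kind() {
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo private
    elif grep -q -e '-----BEGIN [A-Z ]*PUBLIC KEY-----' "$1" 2>/dev/null; then
        echo public
    else
        echo other
    fi
}

# pem_mode FILE -> octal permission bits such as 600 (GNU stat, then BSD stat).
pem_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_pem_dir [DIR] -> one line per file: "<mode> <kind> <status> <name>".
# status is "review" when a private key has any group or other permission bit.
audit_pem_dir() {
    dir=${1:-/etc/chef-server}   # default: the directory from the listing above
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        mode=$(pem_mode "$f")
        kind=$(pem_kind "$f")
        status=ok
        case "$kind:$mode" in
            private:*00|private:0) ;;      # owner-only access
            private:*) status=review ;;    # group/other bits set on a private key
        esac
        echo "$mode $kind $status ${f##*/}"
    done
}

# demo -> runs the audit on constructed files that mirror the modes in the listing.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/chef-validator.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/chef-webui.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'constructed' > "$d/client-pub.pem"
    chmod 600 "$d/chef-validator.pem"; chmod 640 "$d/chef-webui.pem"; chmod 644 "$d/client-pub.pem"
    audit_pem_dir "$d"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit_pem_dir "$1"; else demo; fi
```

A "review" line is a prompt to confirm that the group or other access is intended on that host, not a verdict that the mode is wrong.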


