chef - [chef] Re: knife-ec2 / Excon ssl verification error

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: knife-ec2 / Excon ssl verification error

From: Daniel DeLeo < >
To:
Subject: [chef] Re: knife-ec2 / Excon ssl verification error
Date: Mon, 6 Oct 2014 18:49:42 -0700

On Friday, October 3, 2014 at 6:33 AM, Gabriel Rosendorf wrote:

> Has anyone gotten this error running knife-ec2 commands with excon 0.39.6
> (latest ChefDK) on OS X 10.9.5?
>
> ERROR: Excon::Errors::SocketError: Unable to verify certificate, please set
> `Excon.defaults[:ssl_ca_path] = path_to_certs`, `ENV['SSL_CERT_DIR'] =
> path_to_certs`, `Excon.defaults[:ssl_ca_file] = path_to_file`,
> `ENV['SSL_CERT_FILE'] = path_to_file` or `Excon.defaults[:ssl_verify_peer]
> = false` (less secure).
>
> Adding Excon.defaults[:ssl_verify_peer] = false to my knife.rb makes it
> work, but doesn't give me a warm and fuzzy feeling. Any help would be
> greatly appreciated!

I don’t know how excon configures things, but you should have a file
/opt/chefdk/embedded/ssl/certs/cacert.pem which is the CA certificate and
should be baked in to OpenSSL. Do other SSL connections work, e.g., if you
set `ssl_verify_mode :verify_peer` in your knife.rb, does knife connect to a
chef-server over SSL properly?

--
Daniel DeLeo

[chef] knife-ec2 / Excon ssl verification error, Gabriel Rosendorf, 10/03/2014
- [chef] Re: knife-ec2 / Excon ssl verification error, Daniel DeLeo, 10/06/2014