[chef] Re: Secure knife winrm

[Dwayne Forehand < >]

I've been trying to solve the same problem with knife winrm over ssl for a couple days.  Did you get it figured out?

When I knife winrm to my node I get "Error 20 - unable to get local issuer certificate".  I added our CA to /embedded/ssl/certs/cacert.pem and tried again.  Same.  I tried openssl s_client  -showcerts against the domain and got error 20 as expected.  Then I tried another openssl s_client  -showcerts but specified the CAfile as /embedded/ssl/certs/cacert.pem.  Success, returned ok. 

When knife winrm calls openssl is it not passing along the location of /embedded/ssl/certs/cacert.pem?

Using ChefDK  0.3.2 on win server 2012 r2.

-Dwayne

On Thu, Aug 14, 2014 at 5:09 AM, < " target="_blank"> > wrote:

Trying to get knife winrm working with SSL enabled.  Keep getting error with
winrm validating the servers WinRM certificate.  Error: unable to get local
issuer certificate.

I am relativly sure i need to provide a certificate chain but attempts at
providing ca-trust-file have faild.  Can anyone provide link to documentation
on how format and content needed for this file.

Thanks
Daniel D.

--
"And let us consider how to stir up one another to love and good works . . ." - Hebrews 10:24