[chef] RE: Re: SSL validation failed during Windows bootstrap?

["Fouts, Chris" < >]

Thank you, but this kinda sucks though since it's a showstopper for us. Is 
the (only?) workaround to disable SSL certificate verification for now on the 
Chef 12 server?

(Rant: With all the mantra on performing unit and integration tests, how can 
something as fundamental as knife-windows not be tested?)

Chris

-----Original Message-----
From: Daniel DeLeo 
[mailto:
 
 On Behalf Of Daniel DeLeo
Sent: Wednesday, January 14, 2015 9:00 PM
To: 

 
Subject: [chef] Re: SSL validation failed during Windows bootstrap?



On Wednesday, January 14, 2015 at 3:37 PM, Fouts, Chris wrote:

> ERROR: SSL Validation failure connecting to host: cherserver.domain.com 
> (http://cherserver.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 
> read server certificate B: certificate verify failed
>  
> I did a knife ssl fetch on my workstation, and when I bootstrap my Windows 
> node, I get above error.
>  
> Server: v12.0.x
> Client: v12.0.3
>  
> Is this the solution?
> https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/
>  
> Chris
>  

From your post it appears you did the right thing, but you’re running into 
this issue: https://github.com/opscode/knife-windows/issues/133 tl;dr, ;
knife-windows does not transfer trusted certificates the same as vanilla 
`knife bootstrap` does on *nix. This is fixed in master of knife-windows but 
I don’t know when the next release will be. I’ll ask someone on that team to 
chime in here.

--  
Daniel DeLeo