[chef] Unable to use SSL cert from in-house Chef Server w/ knife


  • From: Ivan Suftin < >
  • To: < >
  • Subject: [chef] Unable to use SSL cert from in-house Chef Server w/ knife
  • Date: Mon, 16 Feb 2015 12:14:47 -0600

Ohai Chefs!

We have a Chef 12 server set up with a self-signed cert. I’m trying to get knife to communicate using peer verification with the server.

First, I run the check:
Connecting to host chef.owicloud.org:443
ERROR: The SSL certificate of chef.owicloud.org could not be verified
Certificate issuer data: /C=us/L=Middleton, WI/O=OWI USGS/CN=OWI USGS VPN CA/

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1k 8 Jan 2015
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/Users/isuftin/.chef/trusted_certs"

TO FIX THIS ERROR:

[ … the usual text we know and love …]

Ok, so obviously that doesn’t work. I then try to run a knife ssl fetch:
$ knife ssl fetch https://chef.owicloud.org/
WARNING: Certificates from chef.owicloud.org will be fetched and placed in your trusted_cert
directory (/Users/isuftin/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

ERROR: knife encountered an unexpected error
This may be a bug in the 'ssl fetch' knife command or plugin
Please collect the output of this command with the `-VV` option before filing a bug report.
Exception: NoMethodError: undefined method `[]' for nil:NilClass

I’ve always had this issue so I’ve never used knife ssl fetch to grab the SSL cert. So I scope the cert into /Users/isuftin/.chef/trusted_certs and run a hash check on them on the server and local:

Server: 
$ sudo sha256sum /var/opt/opscode/nginx/ca/chef2a.crt
7a876dad9a3f6e59e169d5cb25d2ad64bd362515bbc7f9af2baec5936505ca09  /var/opt/opscode/nginx/ca/chef2a.crt

Local (mac os): 
$ shasum -a256 /Users/isuftin/.chef/trusted_certs/chef2a.crt
7a876dad9a3f6e59e169d5cb25d2ad64bd362515bbc7f9af2baec5936505ca09  /Users/isuftin/.chef/trusted_certs/chef2a.crt

Initial thoughts of where I should look?

__________________________     (╯°□°)╯︵ ┻━┻
 Ivan Suftin - Applications Developer
 Office: (608) 821-3825  - Cell : (608) 345-8963
 Center for Integrated Data Analytics - http://cida.usgs.gov/
 United States Geological Survey 
 8505 Research Way, Middleton, WI 53562 
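
A related check, as an added Ruby example that is not part of the original message: matching file hashes show the copy in trusted_certs is byte-identical, while this compares the certificate DER fingerprints and reports the issuer and self-signed status of the certificate a server presents. The function names, the constructed in-memory certificates and the assumption that the presented PEM was captured separately are all illustrative.

```ruby
require 'openssl'

# SHA-256 over the DER encoding, so PEM whitespace and line endings do not matter.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Self-signed: subject equals issuer and the certificate's own key verifies it.
def self_signed?(cert)
  cert.subject.to_s == cert.issuer.to_s && cert.verify(cert.public_key)
end

# Compare a PEM from trusted_certs with the PEM the server presented (hypothetical helper).
def check_trusted(trusted_pem, presented_pem)
  trusted   = OpenSSL::X509::Certificate.new(trusted_pem)
  presented = OpenSSL::X509::Certificate.new(presented_pem)
  {
    same_cert: fingerprint(trusted) == fingerprint(presented),
    presented_self_signed: self_signed?(presented),
    presented_issuer: presented.issuer.to_s,
    trusted_issued_presented: presented.issuer.to_s == trusted.subject.to_s &&
                              presented.verify(trusted.public_key)
  }
end

# Constructed sample data: builds a throwaway certificate in memory.
def make_cert(subject, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..1_000_000)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
SRV_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('/CN=Example In-House CA', CA_KEY)                   # constructed
SRV_CERT = make_cert('/CN=chef.example.test', SRV_KEY, CA_CERT, CA_KEY)  # constructed

if __FILE__ == $PROGRAM_NAME
  p check_trusted(SRV_CERT.to_pem, SRV_CERT.to_pem) # leaf cert stored as trusted
  p check_trusted(CA_CERT.to_pem, SRV_CERT.to_pem)  # issuing CA stored as trusted
end
```

The `presented_issuer` field is the same data knife prints as "Certificate issuer data" in its verification error.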



