Since very, very few servers have signed certificates, shouldn't this check be turned off by default?
Nico Kadel-Garcia
Email: ">
Sent from iPhone
> On May 8, 2015, at 12:17, "Daniel DeLeo" < "> > wrote:
>
>
>
>> On Friday, May 8, 2015 at 6:33 AM, Mohammad Fattahian wrote:
>>
>> After I added new repository for Chef and upgrade my system from 12.04 to 14.04 I got an error:
>>
>> root@ test:~# chef-client -v
>> Chef: 12.3.0
>>
>> :~# chef-client
>> Starting Chef Client, version 12.3.0
>> Creating a new client identity for test.domain.com (http://test.domain.com) using the validator key.
>> [2015-05-07T16:46:17-04:00] ERROR: SSL Validation failure connecting to host: xxxx.domain.com (http://xxxx.domain.com) - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>>
>> ================================================================================
>> Chef encountered an error attempting to create the client " test.domain.com (http://test.domain.com) "
>> ================================================================================
>>
>> [2015-05-07T16:46:17-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
>> Chef Client failed. 0 resources updated in 1.306760691 seconds
>> [2015-05-07T16:46:17-04:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>> [2015-05-07T16:46:17-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
>>
>> Any Idea?
>
> Chef 12 verifies the certificate of your Chef Server by default. You can use `knife ssl check` to debug this (on a server, you’d run `knife ssl check -c /etc/chef/client.rb`). If your server has a self-signed certificate, you can use `knife ssl fetch` to download the cert, roughly equivalent to clicking “trust this cert for this host” in your browser.
>
> --
> Daniel DeLeo
>
Archive powered by MHonArc 2.6.16.