[chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs)


  • From: Chris McClimans < >
  • To:
  • Subject: [chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs)
  • Date: Thu, 1 Oct 2015 15:26:04 -0400

In order for SSL to work, we need to tell SSL that it's OK that the
ssl_subject CN doesn't match the IP.
Any thoughts on how to proceed?

https://github.com/ii/chef-provisioning-aws/pull/2/files#r40951990

# [19] pry(#<Chef::Provisioning::AWSDriver::Driver>)> endpoint.split('/')[2].split(':').first
# => "10.113.70.104"
# [20] pry(#<Chef::Provisioning::AWSDriver::Driver>)> machine_spec.reference[:winrm_ssl_subject]
# => "IP-0A714668"
#
# [1] pry(#<Chef::Provisioning::AWSDriver::Driver>)> Chef::Provisioning::Transport::WinRM.new("#{endpoint}", type, winrm_options, {}).execute('hostname')
# OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
# from /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in `connect'
# [2] pry(#<Chef::Provisioning::AWSDriver::Driver>)> wtf!
# Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
# --
# 0: /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in `connect'
# 1: /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in `ssl_connect'
# 2: /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:755:in `block in connect'
# 3: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:89:in `block in timeout'
# 4: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:99:in `call'
# 5: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:99:in `timeout'
# 6: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:125:in `timeout'
# 8: /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:612:in `query'
# 9: /home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:164:in `query'
# [3] pry(#<Chef::Provisioning::AWSDriver::Driver>)> winrm_options
# => {:user=>"Administrator",
#  :pass=>"(xntd8f=-HNnuJ3",
#  :disable_sspi=>false,
#  :basic_auth_only=>false,
#  :no_ssl_peer_verification=>false,
#  :ca_trust_path=>"/home/hh/provisioning/.chef/trusted_certs/base-2012-hardened-6.crt"}
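
Added example, not part of the original message and not chef-provisioning or WinRM gem code: the failure above splits into two independent checks, chain trust against the pinned certificate and name matching, and the name check can be run against the expected subject instead of the IP while peer verification stays on. The certificate is constructed in memory, and `self_signed_cert`, `hex_subject_for` and `check_peer` are hypothetical helper names.

```ruby
require 'openssl'

# Constructed stand-in for an instance's self-signed WinRM certificate.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The subject in the session above is the endpoint IP written in hex
# (0A.71.46.68 = 10.113.70.104); this helper reproduces that mapping.
def hex_subject_for(ip)
  format('IP-%02X%02X%02X%02X', *ip.split('.').map { |o| Integer(o, 10) })
end

# Hypothetical helper: chain trust and name matching are separate checks.
# trusted_pem plays the role of the file named by :ca_trust_path.
def check_peer(cert, trusted_pem, expected_name)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(trusted_pem))
  { trusted: store.verify(cert),
    name_ok: OpenSSL::SSL.verify_certificate_identity(cert, expected_name) }
end

if __FILE__ == $PROGRAM_NAME
  ip = '10.113.70.104'
  cert = self_signed_cert('IP-0A714668')
  p check_peer(cert, cert.to_pem, ip)                  # name checked against the IP
  p check_peer(cert, cert.to_pem, hex_subject_for(ip)) # name checked against the subject
end
```

A certificate that carries the same CN but is not the pinned one still fails the trust check, which is the property lost when peer verification is switched off altogether.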


