chef - [chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs)

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs)

From: Chris McClimans < >
To:
Subject: [chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs)
Date: Thu, 1 Oct 2015 15:26:04 -0400

In order for ssl to work, we need to tell ssl that it's ok that
ssl_subject CN doesn't match the ip.
Any thoughts on how to proceed?

https://github.com/ii/chef-provisioning-aws/pull/2/files#r40951990

#[19] pry(#<Chef::Provisioning::AWSDriver::Driver>)>
endpoint.split('/')[2].split(':').first
#  => "10.113.70.104"
#  [20] pry(#<Chef::Provisioning::AWSDriver::Driver>)>
machine_spec.reference[:winrm_ssl_subject]
#    => "IP-0A714668"
#
# [1] pry(#<Chef::Provisioning::AWSDriver::Driver>)>
Chef::Provisioning::Transport::WinRM.new("#{endpoint}", type,
winrm_options, {}).execute('hostname')
# OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error:
certificate verify failed
# from
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in
`connect'
# [2] pry(#<Chef::Provisioning::AWSDriver::Driver>)> wtf!
# Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0
state=error: certificate verify failed
# --
# 0:
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in
`connect'
# 1:
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in
`ssl_connect'
# 2:
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:755:in
`block in connect'
# 3: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:89:in
`block in timeout'
# 4: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:99:in `call'
# 5: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:99:in `timeout'
# 6: /home/hh/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:125:in
`timeout'
# 8:
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:612:in
`query'
# 9:
/home/hh/.rvm/gems/ruby-2.2.0/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:164:in
`query'
# [3] pry(#<Chef::Provisioning::AWSDriver::Driver>)> winrm_options
# => {:user=>"Administrator",
#  :pass=>"(xntd8f=-HNnuJ3",
#   :disable_sspi=>false,
#    :basic_auth_only=>false,
#     :no_ssl_peer_verification=>false,
#
:ca_trust_path=>"/home/hh/provisioning/.chef/trusted_certs/base-2012-hardened-6.crt"}

[chef] Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs), Chris McClimans, 10/01/2015
- [chef] Re: Re: chef-provisioning configuration for winrm w/ ssl-transport (and self signed certs), Daniel DeLeo, 10/02/2015