troubleshooting Question

connection verification failed between knife and chef server

Avatar of Jason Yu
Jason YuFlag for United States of America asked on
Linux DistributionsWeb Servers
2 Comments1 Solution192 ViewsLast Modified:
I am not sure if I can get help for this topic about chef software.

I was following this link to https://learn.chef.io/manage-a-node/windows/set-up-your-chef-server/, but the ssl check failed. I know I didn't do any steps to configure ssl, but how can I do it here.

thanks.


Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> cd "C:\Users\Yuj\chef-repo\.chef"
PS C:\Users\Yuj\chef-repo\.chef> .\knife.rb jasony.pem
PS C:\Users\Yuj\chef-repo\.chef>
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(142)] window handle is 003A1BBC
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(84)] Ready to process crash requests
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 7796
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 6696
[11620:1892:0330/164414:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(142)] window handle is 003A148E
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[11620:1892:0330/164414:ERROR:crash_service.cc(301)] could not start dumper

PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef> knife ssl check
Connecting to host jboss-testvm.na.kfy.com:443
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=jboss-testvm.na.kfy.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chef/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\yuj\\chef-repo\\.chef\\trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\yuj\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

PS C:\Users\Yuj\chef-repo\.chef> cd ..
PS C:\Users\Yuj\chef-repo> dir
ASKER CERTIFIED SOLUTION
slubek

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros