connection verification failed between knife and chef server

I am not sure if I can get help for this topic about chef software.

I was following this link to https://learn.chef.io/manage-a-node/windows/set-up-your-chef-server/, but the ssl check failed. I know I didn't do any steps to configure ssl, but how can I do it here.

thanks.


Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> cd "C:\Users\Yuj\chef-repo\.chef"
PS C:\Users\Yuj\chef-repo\.chef> .\knife.rb jasony.pem
PS C:\Users\Yuj\chef-repo\.chef>
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(142)] window handle is 003A1BBC
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(84)] Ready to process crash requests
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 7796
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 6696
[11620:1892:0330/164414:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(142)] window handle is 003A148E
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[11620:1892:0330/164414:ERROR:crash_service.cc(301)] could not start dumper

PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef> knife ssl check
Connecting to host jboss-testvm.na.kfy.com:443
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=jboss-testvm.na.kfy.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chef/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\yuj\\chef-repo\\.chef\\trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\yuj\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

PS C:\Users\Yuj\chef-repo\.chef> cd ..
PS C:\Users\Yuj\chef-repo> dir

Open in new window

Jason YuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

slubekCommented:
I don't know chef (I used to configure apache), but your log says that ssl certificates of your server (jboss-testvm.na.kfy.com) are self-signed:
the server you are connecting to uses a self-signed certificate
It's ok if you are running test environment only, for learning purposes. But your client doesn't trust that certificate:
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verified
Client trusts certificates located in c:\users\yuj\chef-repo\.chef\trusted_certs directory, so you have to copy there (through secure connection, or USB memory) the file /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt from your server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jason YuAuthor Commented:
I resolved the issue by coping that file from the server to my desktop.

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Thanks for the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.