Jason Yu

connection verification failed between knife and chef server

I am not sure if I can get help for this topic about chef software.

I was following this link to https://learn.chef.io/manage-a-node/windows/set-up-your-chef-server/, but the SSL check failed. I know I didn't do any steps to configure SSL, but how can I do it here?

Thanks.


Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> cd "C:\Users\Yuj\chef-repo\.chef"
PS C:\Users\Yuj\chef-repo\.chef> .\knife.rb jasony.pem
PS C:\Users\Yuj\chef-repo\.chef>
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(142)] window handle is 003A1BBC
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(84)] Ready to process crash requests
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 7796
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 6696
[11620:1892:0330/164414:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(142)] window handle is 003A148E
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[11620:1892:0330/164414:ERROR:crash_service.cc(301)] could not start dumper

PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef> knife ssl check
Connecting to host jboss-testvm.na.kfy.com:443
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=jboss-testvm.na.kfy.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chef/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\yuj\\chef-repo\\.chef\\trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\yuj\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

PS C:\Users\Yuj\chef-repo\.chef> cd ..
PS C:\Users\Yuj\chef-repo> dir

Last Comment
Jason Yu

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
slubek

Jason Yu

ASKER
I resolved the issue by copying that file from the server to my desktop.

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Thanks for the help.
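
The fix that `knife ssl check` prints, and that the asker applied, written out as an added example (not part of the original thread). Before the copied certificate goes into `trusted_certs_dir`, it is compared against a fingerprint read on the Chef server itself. The parameter names are hypothetical, and the script assumes the server's host name is in the certificate's CN, as in the issuer data shown in the question.

```powershell
# Added example, not from the original thread. All parameter values are
# supplied by the reader; the default directory is the one knife printed above.
param(
    # Local copy of /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt, already
    # fetched from the Chef server over SSH/SCP.
    [Parameter(Mandatory = $true)][string]$CopiedCert,
    # SHA-256 fingerprint read on the server itself, for example with:
    #   openssl x509 -noout -fingerprint -sha256 -in <the .crt file>
    [Parameter(Mandatory = $true)][string]$ExpectedSha256,
    # Host name knife connects to ("Connecting to host ..." in knife ssl check).
    [Parameter(Mandatory = $true)][string]$ChefServerHost,
    [string]$TrustedCertsDir = 'c:\users\yuj\chef-repo\.chef\trusted_certs'
)
$ErrorActionPreference = 'Stop'

# Reduce a fingerprint to bare upper-case hex so that
# "SHA256 Fingerprint=AA:BB:..." and "aabb..." compare equal.
function ConvertTo-BareHex([string]$Text) {
    (($Text -replace '^.*=', '') -replace '[^0-9A-Fa-f]', '').ToUpper()
}

$path = (Resolve-Path $CopiedCert).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# Hash the DER encoding; this is the value openssl's -fingerprint reports.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData))

if ((ConvertTo-BareHex $actual) -ne (ConvertTo-BareHex $ExpectedSha256)) {
    throw "Fingerprint mismatch: copied file has $actual. Not trusting it."
}
# Assumption: the host name is the subject CN (true for the certificate shown above).
$cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
if ($cn -ne $ChefServerHost) {
    throw "Certificate is for '$cn', not '$ChefServerHost'."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Only now place it where knife looks for explicitly trusted certificates.
if (-not (Test-Path $TrustedCertsDir)) {
    New-Item -ItemType Directory -Path $TrustedCertsDir | Out-Null
}
Copy-Item -Path $path -Destination $TrustedCertsDir
knife ssl check
```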