connection verification failed between knife and chef server
I am not sure if I can get help for this topic about chef software.
I was following this link to https://learn.chef.io/manage-a-node/windows/set-up-your-chef-server/, but the ssl check failed. I know I didn't do any steps to configure ssl, but how can I do it here.
thanks.
I was following this link to https://learn.chef.io/manage-a-node/windows/set-up-your-chef-server/, but the ssl check failed. I know I didn't do any steps to configure ssl, but how can I do it here.
thanks.
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> cd "C:\Users\Yuj\chef-repo\.chef"
PS C:\Users\Yuj\chef-repo\.chef> .\knife.rb jasony.pem
PS C:\Users\Yuj\chef-repo\.chef>
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(142)] window handle is 003A1BBC
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[12868:19864:0330/164413:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[12868:19864:0330/164413:VERBOSE1:crash_service_main.cc(84)] Ready to process crash requests
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 7796
[12868:4060:0330/164413:VERBOSE1:crash_service.cc(323)] client start. pid = 6696
[11620:1892:0330/164414:VERBOSE1:crash_service_main.cc(68)] Session start. cmdline is [--reporter-url=https://ticinocrashreporter.azurewebsites.net/crash --application-name=VSCode --v=1]
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(142)] window handle is 003A148E
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(290)] pipe name is \\.\pipe\VSCode Crash Service
dumps at C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes
[11620:1892:0330/164414:VERBOSE1:crash_service.cc(294)] checkpoint is C:\Users\adm-YuJ\AppData\Local\Temp\VSCode Crashes\crash_checkpoint.txt
server is https://ticinocrashreporter.azurewebsites.net/crash
maximum 128 reports/day
reporter is electron-crash-service
[11620:1892:0330/164414:ERROR:crash_service.cc(301)] could not start dumper
PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef>
PS C:\Users\Yuj\chef-repo\.chef> knife ssl check
Connecting to host jboss-testvm.na.kfy.com:443
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=jboss-testvm.na.kfy.com
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1r/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chef/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\yuj\\chef-repo\\.chef\\trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: c:\users\yuj\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
PS C:\Users\Yuj\chef-repo\.chef> cd ..
PS C:\Users\Yuj\chef-repo> dir
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I don't know chef (I used to configure apache), but your log says that ssl certificates of your server (jboss-testvm.na.kfy.com) are self-signed:
the server you are connecting to uses a self-signed certificateIt's ok if you are running test environment only, for learning purposes. But your client doesn't trust that certificate:
ERROR: The SSL certificate of jboss-testvm.na.kfy.com could not be verifiedClient trusts certificates located in c:\users\yuj\chef-repo\.ch
Premium Content
You need an Expert Office subscription to comment.Start Free Trial