Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ssl validation error coming while doing chef client setup

I am fairly new to Chef and have installed a chef server 11 on Node1, I have done successfully setup for workstation on Node2 and when I get user list I am getting all the user list

[root@Staging3 .chef]# knife user list
admin
root

But when I issue knife bootstrap I am getting following error.

[root@Staging3 .chef]# knife bootstrap 10.4.6.214 -x root -N slave1 --sudo
Doing old-style registration with the validation key at /opt/chef/chef-repo/.chef/chef-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to X.X.X.X
[email protected]'s password: 
X.X.X.X Starting first Chef Client run...
X.X.X.X Starting Chef Client, version 12.1.1
X.X.X.X Creating a new client identity for slave1 using the validator key.
X.X.X.X [2015-03-19T00:42:00+05:30] ERROR: SSL Validation failure connecting to host: staging4.akosha.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
X.X.X.X 
X.X.X.X ================================================================================
X.X.X.X Chef encountered an error attempting to create the client "slave1"
X.X.X.X ================================================================================
X.X.X.X 
X.X.X.X [2015-03-19T00:42:00+05:30] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
X.X.X.X Chef Client failed. 0 resources updated in 6.045009421 seconds
X.X.X.X [2015-03-19T00:42:00+05:30] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
X.X.X.X [2015-03-19T00:42:00+05:30] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

I have read all the blog for doing client setup but haven't came across any solution, Any help would be appreciated in this....

I thought there might be some problem from my chef workstation but it wasn't

[root@Staging3 chef-repo]# knife ssl check -s https://staging4.akosha.com
Connecting to host staging4.akosha.com:443
Successfully verified certificates from `staging4.akosha.com'
like image 321
Pulkit Avatar asked Mar 18 '15 19:03

Pulkit


People also ask

Why are SSL certificates used in chef?

This helps us ensure that our systems are secure and run smoothly – without the risk of human error. In this post, we'll talk about how to automate your certificate installation using Chef in the same way. We'll provision an Nginx web server and install an SSL certificate to securely display a web page.

What is knife SSL check command in chef?

You can use the knife ssl check command to verify whether the Chef SSL certificate is installed properly on your local machine. You should execute ssl check command inside the chef repository directory. If not, you'll get the “No knife configuration file found” error message as shown below.


1 Answers

There is some info here you can look at:

https://docs.chef.io/chef_client_security.html

With Chef 12 you need to run the command:

knife ssl fetch

Alternately you can turn of ssl verification in the knife.rb file with this setting:

ssl_verify_mode    :verify_none
like image 196
Alex Manly Avatar answered Sep 27 '22 18:09

Alex Manly