Reputation: 11
An SSL error occurs when we use the knife command to verify successful setup of the Chef-Workstation or when we try to upload a Chef-Cookbook. Using the following commands:
knife client list
knife node list
knife cookbook upload cookbookname
we get the following error on the Chef-Workstation:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
To resolve this error we tried using rackfile software to create the following 3 files:
hostname.key
hostname.pem
hostname.crt
on the Chef-Server.
We placed hostname.pem inside the chef folder on the server itself and inside the certs folder on the workstation. Finally we tried to run the commands once again but did not succeed. Any help to resolve the SSL error will be sincerely appreciated.
Upvotes: 1
Views: 1094
Reputation: 11
The Chef Server certificate has not yet been pulled into the workstation's trusted_certs directory.
Run the command
knife ssl fetch
from your Chef Workstation.
This will pull the certificate from the Chef Server and place it in the Workstation's trusted_certs directory. The default location of the trusted_certs is in your .chef/trusted_certs directory within your chef-repo directory.
Then run
knife ssl check
to verify the certificate.
Certificates that are in the trusted_certs directory will be trusted by any execution of the knife command.
https://docs.chef.io/workstation/getting_started/#get-ssl-certificates
Upvotes: 1
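An added example, not part of the answer above: because knife ssl fetch stores whatever certificate the server presents, this sketch compares the SHA-256 fingerprint of each file in trusted_certs with a fingerprint obtained from the Chef Server administrator out of band. The file names, the *.crt pattern and the certificate bytes are constructed assumptions.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path


def fingerprint(pem_text):
    """SHA-256 of the certificate's DER bytes, as lower-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def normalize(fp):
    """Accept 'SHA256 Fingerprint=AB:CD:...' (openssl style) or plain hex."""
    return fp.split("=")[-1].replace(":", "").strip().lower()


def audit(trusted_dir, expected_fps):
    """Map each *.crt in trusted_dir to 'match', 'UNEXPECTED' or 'unreadable'."""
    expected = {normalize(fp) for fp in expected_fps}
    report = {}
    for path in sorted(Path(trusted_dir).glob("*.crt")):
        try:
            fp = fingerprint(path.read_text())
        except ValueError:  # bad PEM armor, bad base64 or undecodable text
            report[path.name] = "unreadable"
            continue
        report[path.name] = "match" if fp in expected else "UNEXPECTED"
    return report


def demo():
    # Constructed stand-ins: arbitrary bytes in PEM armor, not real certificates.
    server = b"constructed-chef-server-cert"
    good = ssl.DER_cert_to_PEM_cert(server)
    other = ssl.DER_cert_to_PEM_cert(b"constructed-unknown-cert")
    # Fingerprint as reported out of band, in openssl's colon-separated form.
    hexfp = hashlib.sha256(server).hexdigest().upper()
    pairs = ":".join(hexfp[i:i + 2] for i in range(0, 64, 2))
    reported = "SHA256 Fingerprint=" + pairs
    with tempfile.TemporaryDirectory() as d:
        Path(d, "chef_example_test.crt").write_text(good)
        Path(d, "other_example_test.crt").write_text(other)
        Path(d, "broken.crt").write_text("not a certificate")
        return audit(d, [reported])


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Any file reported as UNEXPECTED should be removed from trusted_certs until its origin is confirmed, since knife trusts everything in that directory.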
Reputation: 26997
You need to register that certificate on each workstation. Also, make sure the certificate matches the correct URL (i.e. the API endpoint, not the web interface).
Upvotes: 0