Reputation: 3609
I am trying to upload some cookbooks on the chef-server. I am using my laptop as workstation, using hosted chef at opscode.com as chef-server. Now, when I try to upload cookbooks from my workstation to the chef-server, I get the following error:
ERROR: SSL Validation failure connecting to host: s3-external-1.amazonaws.com - SSL_connect returned=6 errno=0 state=SSLv3 read finished A
ERROR: OpenSSL::SSL::SSLError: SSL_connect returned=6 errno=0 state=SSLv3 read finished A
I am using the cookbooks from rackspace private cloud: http://www.rackspace.com/knowledge_center/article/installing-openstack-with-rackspace-private-cloud-tools
I am using v4.2.1 of cookbooks. Please help me figure out the problem.
Thanks.
Upvotes: 2
Views: 5849
Reputation: 1059
If you're merely doing a temporary test, you can disable the SSL verification by adding the 2 following lines in your knife.rb file:
verify_api_cert false
ssl_verify_mode :verify_none
But again, if you're setting up a real server, you should get a real certificate :)
Upvotes: 6
Reputation: 102205
ERROR: SSL Validation failure connecting to host: s3-external-1.amazonaws.com - SSL_connect returned=6 errno=0 state=SSLv3 read finished A
ERROR: OpenSSL::SSL::SSLError: SSL_connect returned=6 errno=0 state=SSLv3 read finished A
Works for me.
Be sure you have and are trusting Class 3 Public Primary Certification Authority. You can get Class 3 Public Primary Certification Authority from Symantec's Licensing and Use of Root Certificates. In particular, fetch Root 3 VeriSign Class 3 Primary CA - G5.
Then, test it with OpenSSL's s_client. The root you downloaded and trusted is PCA-3G5.pem, and you supply it to OpenSSL via the -CAfile option:
$ openssl s_client -CAfile PCA-3G5.pem -connect s3-external-1.amazonaws.com:443
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = Amazon.com Inc., CN = *.s3-external-1.amazonaws.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-external-1.amazonaws.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
...
Start Time: 1392896325
Timeout : 300 (sec)
Verify return code: 0 (ok)
Upvotes: 6
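The trust decision that s_client reports as "Verify return code" can be reproduced offline with Ruby's OpenSSL bindings, the same library that raises the OpenSSL::SSL::SSLError in the question. This is an added example, not code from either answer; it builds a constructed root, intermediate and server certificate (the names and the helpers issue, constructed_chain and verify_chain are assumptions made for illustration) and shows that verification passes only when the root is in the trust store, which is the role -CAfile plays above.

```ruby
require "openssl"

# Issue one certificate; a nil issuer means self-signed (the root).
def issue(cn, key, issuer_cert, issuer_key, ca:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                        # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer_cert || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed chain standing in for root -> intermediate -> server.
# These are NOT the real VeriSign or Amazon certificates.
def constructed_chain
  keys = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue("Constructed Root CA", keys[0], nil, nil, ca: true)
  inter = issue("Constructed Intermediate CA", keys[1], root, keys[0], ca: true)
  leaf  = issue("server.example.test", keys[2], inter, keys[1], ca: false)
  [root, inter, leaf]
end

# sent_by_server: untrusted certificates presented in the handshake.
# trusted_roots:  what the client trusts (the -CAfile contents).
def verify_chain(leaf, sent_by_server, trusted_roots)
  store = OpenSSL::X509::Store.new        # empty: system defaults not loaded
  trusted_roots.each { |c| store.add_cert(c) }
  ok = store.verify(leaf, sent_by_server)
  [ok, store.error_string]
end

if __FILE__ == $PROGRAM_NAME
  root, inter, leaf = constructed_chain
  p verify_chain(leaf, [inter], [])       # root not trusted: verification fails
  p verify_chain(leaf, [inter], [root])   # root trusted: verification succeeds
end
```

Unlike the verify_none workaround, the failing case here is fixed by adding the missing root to the trust store, so peer verification stays on.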