Grug

Reputation: 1890

Bootstrapping error SSL Validation failure COMODO RSA cert

I can't get chef to bootstrap a node. This is using a self-signed certificate.

Connecting to 10.100.248.13
10.100.248.13 Starting first Chef Client run...
10.100.248.13 Starting Chef Client, version 12.0.1
10.100.248.13 Creating a new client identity for bh-jb using the validator key.
10.100.248.13 [2014-12-15T19:26:03-08:00] ERROR: SSL Validation failure connecting to host: chefserver.domain.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:  certificate verify failed
10.100.248.13 
10.100.248.13 ================================================================================
10.100.248.13 Chef encountered an error attempting to create the client "bh-jb"
10.100.248.13 ================================================================================
10.100.248.13 
10.100.248.13 [2014-12-15T19:26:03-08:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
10.100.248.13 Chef Client failed. 0 resources updated in 1.776998404 seconds
10.100.248.13 [2014-12-15T19:26:03-08:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
10.100.248.13 [2014-12-15T19:26:03-08:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Knife check

$ knife ssl check
Connecting to host chefserver.domain.com:443
Successfully verified certificates from `chefserver.domain.com'

Here is my knife.rb file.

# See http://docs.getchef.com/config_rb_knife.html for more information on knife configuration options

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "epardee"
client_key               "#{current_dir}/sysmonuser.pem"
validation_client_name   "sysmon-validator"
validation_key           "#{current_dir}/sysmon-validator.pem"
chef_server_url          "https://chefserver.domain.com/organizations/sysmon"
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{current_dir}/../cookbooks"]

Downloaded the latest version of Chef DK

$ chef -v
Chef Development Kit Version: 0.3.5
$ knife -v
Chef: 11.18.0.rc.1

I've just spent an entire day trying to figure this out.

Upvotes: 0

Views: 3070

Answers (2)

slayedbylucifer

Reputation: 23492

I believe this is what you are looking for: Chef 12: Fix Untrusted Self Signed Certificates

Chef released the above article yesterday. Chef server 12 has SSL verification enabled by default, and the SSL cert that comes with Chef server 12 is a self-signed one; you probably have to trust these certificates as explained in the above article.

Upvotes: 0

coderanger

Reputation: 54181

Are you using Chef 12 on your workstation? If so, it should copy over the trusted certs for you. This is a new feature in Chef 12, so if you are still on 11 or a pre-release version of 12 that would do it. Otherwise try running ssl check from the target node, not your workstation.

Upvotes: 1
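An added example, not code from either answer or from Chef itself: it shows why the same self-signed server certificate can verify on the workstation yet fail on the node, as both answers describe. The certificate, the temporary directory names and the helper functions are constructed for illustration; only the hostname comes from the question.

```ruby
require "openssl"
require "tmpdir"

# Constructed self-signed certificate standing in for the Chef server's own.
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Trust only the certificates found in dir (a model of a trusted_certs
# directory; a real host would also consult its system CA bundle).
def store_from_dir(dir)
  store = OpenSSL::X509::Store.new
  Dir.glob(File.join(dir, "*.{crt,pem}")).each do |path|
    store.add_cert(OpenSSL::X509::Certificate.new(File.read(path)))
  end
  store
end

# Returns [verified?, OpenSSL error code] for cert against the certs in dir.
def check(cert, dir)
  store = store_from_dir(dir)
  [store.verify(cert), store.error]
end

# The workstation directory holds the server cert; the node directory is empty.
def demo
  server = self_signed_cert("chefserver.domain.com")
  Dir.mktmpdir do |root|
    ws = File.join(root, "workstation_trusted_certs")
    node = File.join(root, "node_trusted_certs")
    [ws, node].each { |d| Dir.mkdir(d) }
    File.write(File.join(ws, "chefserver.crt"), server.to_pem)
    { workstation: check(server, ws), node: check(server, node) }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |host, (ok, err)| puts "#{host}: verified=#{ok} error=#{err}" }
end
```

The node side fails with OpenSSL error 18 (self-signed certificate at depth zero) until the server certificate is placed in the directory the client trusts.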
