【发布时间】:2015-12-21 04:16:50
【问题描述】:
我正在尝试设置 chef-client 与来自 Opscode 的托管 Chef (v 12) 交谈,但遇到了 SSL 问题。我尝试了网络和 stackOverflow 上建议的所有内容(包括“knife ssl fetch”并添加“ssl_verify_mode :none”),但没有任何效果。我正在运行 Windows 7。我还尝试在 knife.rb 的路径中使用 \ 切换 /,但它仍然无法正常工作。
这是我运行knife ssl fetch和knife ssl check的输出
PS C:\Users\me\chef-repo> knife ssl fetch
WARNING: Certificates from api.chef.io will be fetched and placed in your trusted_cert
directory (c:\users\me\chef-repo\.chef\trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for *.opscode.com in c:\users\me\chef-repo\.chef\trusted_certs/wildcard_opscode_com.crt
Adding certificate for DigiCert SHA2 Secure Server CA in c:\users\me\chef-repo\.chef\trusted_certs/DigiCert_SHA2_S
ecure_Server_CA.crt
PS C:\Users\me\chef-repo> knife ssl check
Connecting to host api.chef.io:443
ERROR: The SSL certificate of api.chef.io could not be verified
Certificate issuer data: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chefdk/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\me\\chef-repo\\.chef\\trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: c:\users\me\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
PS C:\Users\me\chef-repo>
我不确定“OpenSSL 配置”输出是什么意思,但我的机器上没有任何 C:project 目录(在证书文件/目录中提到)。这可能是问题吗?我该如何解决?
【问题讨论】:
-
Stack Overflow 是一个编程和开发问题的网站。这个问题似乎离题了,因为它与编程或开发无关。请参阅帮助中心的What topics can I ask about here。也许Super User 或Unix & Linux Stack Exchange 会是一个更好的提问地方。另见Where do I post questions about Dev Ops?。
标签: openssl chef-infra knife