【Question title】:SSL issue with hosted Chef (12) (Windows)
【Posted】:2015-12-21 04:16:50
【Question】:

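I'm trying to set up chef-client to talk to hosted Chef (v 12) from Opscode, but I'm running into SSL issues. I tried everything suggested on the net and on Stack Overflow (including "knife ssl fetch" and adding "ssl_verify_mode :none"), but nothing works. I am running Windows 7. I also tried switching / with \ in the paths in knife.rb, but it still doesn't work.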

Here is the output of me running knife ssl fetch and knife ssl check:

PS C:\Users\me\chef-repo> knife ssl fetch
WARNING: Certificates from api.chef.io will be fetched and placed in your trusted_cert
directory (c:\users\me\chef-repo\.chef\trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for *.opscode.com in c:\users\me\chef-repo\.chef\trusted_certs/wildcard_opscode_com.crt
Adding certificate for DigiCert SHA2 Secure Server CA in c:\users\me\chef-repo\.chef\trusted_certs/DigiCert_SHA2_S
ecure_Server_CA.crt



PS C:\Users\me\chef-repo> knife ssl check
Connecting to host api.chef.io:443
ERROR: The SSL certificate of api.chef.io could not be verified
Certificate issuer data: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chefdk/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\me\\chef-repo\\.chef\\trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\me\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

PS C:\Users\me\chef-repo>

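I am not sure what the "OpenSSL Configuration" output means, but I don't have any C:\project directory on my machine (mentioned in Certificate file/directory). Could that be the issue? How can I fix it?

【Comments】:

Tags: openssl chef-infra knife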


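【Answer 1】:

Ugh, I ran into this error a while back. I think you may be missing the certificates for Ruby itself.

The short version is that you need to upgrade your certificates and call it a day. Check out one of the following guides: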

https://gist.github.com/fnichol/867550#the-manual-way-boring

  1. knife ssl fetch
  2. Download http://curl.haxx.se/ca/cacert.pem
  3. Put the certificate into .chef/trusted_certs

【Comments】:
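
An added example (not part of the original question or answer, and not Chef's own code): one way to act on knife's warning to verify fetched certificates, by listing each certificate's SHA-256 fingerprint for out-of-band comparison and checking whether it chains to a root in the CA bundle. The function names, the certificate names and the in-process generated root, issuing CA and leaf are constructed for illustration so the script runs offline.

```ruby
require 'openssl'

# Build a throwaway certificate (constructed sample data, not a real CA).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  constraint = ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(ef.create_extension('basicConstraints', constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# For each fetched certificate, report its SHA-256 fingerprint (to compare
# against a value obtained out-of-band) and whether it chains to a root in
# the CA bundle. The other fetched certificates act as untrusted intermediates.
def audit_fetched(fetched, ca_bundle)
  store = OpenSSL::X509::Store.new
  ca_bundle.each { |root| store.add_cert(root) }
  fetched.map do |cert|
    others = fetched.reject { |c| c.equal?(cert) }
    trusted = store.verify(cert, others)
    { subject: cert.subject.to_s,
      sha256: OpenSSL::Digest::SHA256.hexdigest(cert.to_der),
      trusted: trusted,
      error: store.error_string }
  end
end

# Constructed scenario: a leaf and its issuing CA were fetched; the root is
# either present in the CA bundle (current) or missing from it (stale).
def constructed_demo
  keys = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert('Constructed Root CA', keys[0], ca: true)
  inter = make_cert('Constructed Issuing CA', keys[1], issuer: root, issuer_key: keys[0], ca: true)
  leaf  = make_cert('api.example.test', keys[2], issuer: inter, issuer_key: keys[1])
  { current_bundle: audit_fetched([leaf, inter], [root]),
    stale_bundle: audit_fetched([leaf, inter], []) }
end

RESULTS = constructed_demo
RESULTS.each { |name, rows| rows.each { |row| puts "#{name}: #{row}" } }
```

For real use, each .crt file under trusted_certs can be loaded with `OpenSSL::X509::Certificate.new(File.read(path))`; a multi-certificate bundle such as cacert.pem has to be split into individual PEM blocks first.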
