ssl validation error coming while doing chef client setup

validation ssl chef-infra nodes
Pulkit picture Pulkit · Mar 18, 2015 · Viewed 20.8k times · Source

I am fairly new to Chef and have installed a chef server 11 on Node1, I have done successfully setup for workstation on Node2 and when I get user list I am getting all the user list

[root@Staging3 .chef]# knife user list
admin
root

But when I issue knife bootstrap I am getting following error.

[root@Staging3 .chef]# knife bootstrap 10.4.6.214 -x root -N slave1 --sudo
Doing old-style registration with the validation key at /opt/chef/chef-repo/.chef/chef-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to X.X.X.X
[email protected]'s password: 
X.X.X.X Starting first Chef Client run...
X.X.X.X Starting Chef Client, version 12.1.1
X.X.X.X Creating a new client identity for slave1 using the validator key.
X.X.X.X [2015-03-19T00:42:00+05:30] ERROR: SSL Validation failure connecting to host: staging4.akosha.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
X.X.X.X 
X.X.X.X ================================================================================
X.X.X.X Chef encountered an error attempting to create the client "slave1"
X.X.X.X ================================================================================
X.X.X.X 
X.X.X.X [2015-03-19T00:42:00+05:30] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
X.X.X.X Chef Client failed. 0 resources updated in 6.045009421 seconds
X.X.X.X [2015-03-19T00:42:00+05:30] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
X.X.X.X [2015-03-19T00:42:00+05:30] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

I have read all the blog for doing client setup but haven't came across any solution, Any help would be appreciated in this....

I thought there might be some problem from my chef workstation but it wasn't

[root@Staging3 chef-repo]# knife ssl check -s https://staging4.akosha.com
Connecting to host staging4.akosha.com:443
Successfully verified certificates from `staging4.akosha.com'

Answer

Alex Manly picture Alex Manly · Mar 18, 2015

There is some info here you can look at:

https://docs.chef.io/chef_client_security.html

With Chef 12 you need to run the command: 

knife ssl fetch

Alternately you can turn of ssl verification in the knife.rb file with this setting:

ssl_verify_mode    :verify_none

Related questions

How to validate / verify an X509 Certificate chain of trust in Python?

I am working on implementing a web application that utilizes an API. During a response, the API server sends over a link to an X509 certificate (in PEM format, composed of a signing certificate and one or more intermediate certificates …

Read More
How to validate an email address in JavaScript

Is there a regular expression to validate an email address in JavaScript?

Read More
How to allow only numeric (0-9) in HTML inputbox using jQuery?

I am creating a web page where I have an input text field in which I want to allow only numeric characters like (0,1,2,3,4,5...9) 0-9. How can I do this using jQuery?

Read More