hosted Chef (12)的SSL问题(Windows)

Question

我正在尝试设置chef-client与来自Opscode的托管厨师(版本12)交谈，但遇到了SSL问题。我尝试了网上和stackOverflow上的所有建议(包括"knife ssl fetch“和添加"ssl_verify_mode :none")，但都不起作用。我运行的是Windows7。我也尝试过在knife.rb的路径中切换/和\，但仍然不起作用。

下面是我运行knife ssl fetch和knife ssl check的输出

PS C:\Users\me\chef-repo> knife ssl fetch
WARNING: Certificates from api.chef.io will be fetched and placed in your trusted_cert
directory (c:\users\me\chef-repo\.chef\trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for *.opscode.com in c:\users\me\chef-repo\.chef\trusted_certs/wildcard_opscode_com.crt
Adding certificate for DigiCert SHA2 Secure Server CA in c:\users\me\chef-repo\.chef\trusted_certs/DigiCert_SHA2_S
ecure_Server_CA.crt



PS C:\Users\me\chef-repo> knife ssl check
Connecting to host api.chef.io:443
ERROR: The SSL certificate of api.chef.io could not be verified
Certificate issuer data: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1l 15 Jan 2015
* Certificate file: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/cert.pem
* Certificate directory: C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: "C:/opscode/chefdk/embedded/ssl/certs/cacert.pem"
* trusted_certs_dir: "c:\\users\\me\\chef-repo\\.chef\\trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: c:\users\me\chef-repo\.chef\trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

PS C:\Users\me\chef-repo>

我不确定"OpenSSL Configuration“输出是什么意思，但是我的机器上没有任何C:project dir (在证书文件/目录中提到)。这可能是问题所在吗？我怎么才能修复它？

Answer 1

喂，我之前遇到了这个错误。我认为你可能错过了Ruby本身的一个证书。

简而言之，你需要升级证书，然后就到此为止。看看这些指南中的一个：

https://gist.github.com/fnichol/867550#the-manual-way-boring

将证书下载到.chef/trusted_certs中

1. Kn刀ssl fetch