IIS configure HTTPs Error（OpenSSL）

[peterMaa]

Hellow, Error happend when ran webgis-windows.json on Winserver 2012r2，Error info“No such file or directory - C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/openssl.cnf”，need install OpenSSL alone？ ps output: {

• windows_feature[IIS-WebServerRole] action install
  • windows_feature_dism[IIS-WebServerRole] action install (up to date) (up to date)
• windows_feature[IIS-ApplicationDevelopment] action install
  • windows_feature_dism[IIS-ApplicationDevelopment] action install (up to date) (up to date)
• windows_feature[IIS-ISAPIFilter] action install
  • windows_feature_dism[IIS-ISAPIFilter] action install (up to date) (up to date)
• windows_feature[IIS-ISAPIExtensions] action install
  • windows_feature_dism[IIS-ISAPIExtensions] action install (up to date) (up to date)
• windows_feature[NetFx4Extended-ASPNET45] action install
  • windows_feature_dism[NetFx4Extended-ASPNET45] action install (up to date) (up to date)
• windows_feature[IIS-NetFxExtensibility45] action install
  • windows_feature_dism[IIS-NetFxExtensibility45] action install (up to date) (up to date)
• windows_feature[IIS-ASPNET45] action install
  • windows_feature_dism[IIS-ASPNET45] action install (up to date) (up to date)
• windows_feature[IIS-WebServerManagementTools] action install
  • windows_feature_dism[IIS-WebServerManagementTools] action install (up to date) (up to date)
• windows_feature[IIS-ManagementConsole] action install
  • windows_feature_dism[IIS-ManagementConsole] action install (up to date) (up to date)
• windows_feature[IIS-ManagementService] action install
  • windows_feature_dism[IIS-ManagementService] action install (up to date) (up to date)
• windows_feature[IIS-IIS6ManagementCompatibility] action install
  • windows_feature_dism[IIS-IIS6ManagementCompatibility] action install (up to date) (up to date)
• windows_feature[IIS-ManagementScriptingTools] action install
  • windows_feature_dism[IIS-ManagementScriptingTools] action install (up to date) (up to date)
• windows_feature[IIS-StaticContent] action install
  • windows_feature_dism[IIS-StaticContent] action install (up to date) (up to date)
• windows_feature[IIS-BasicAuthentication] action install
  • windows_feature_dism[IIS-BasicAuthentication] action install (up to date) (up to date)
• windows_feature[IIS-WindowsAuthentication] action install
  • windows_feature_dism[IIS-WindowsAuthentication] action install (up to date) (up to date)
• windows_feature[IIS-Metabase] action install
  • windows_feature_dism[IIS-Metabase] action install (up to date) (up to date)
• windows_service[W3SVC] action enable (up to date)
• windows_service[W3SVC] action start (up to date)

• openssl_x509[C:\keystore\mydomain_com.pem] action create

  ================================================================================ Error executing action create on resource 'openssl_x509[C:\keystore\mydomain_com.pem]'

  ================================================================================ Error executing action create on resource 'openssl_x509[C:\keystore\mydomain_com.pem]'

  Errno::ENOENT

  No such file or directory - C:/projects/openssl/knap-build/var/knapsack/software/x86-windows/openssl/1.0.1p/ssl/openssl.cnf

  Cookbook Trace:

  C:\chef\cookbooks\openssl\resources\x509.rb:111:in new' C:\chef\cookbooks\openssl\resources\x509.rb:111:increate_keys' C:\chef\cookbooks\openssl\resources\x509.rb:20:in block (2 levels) in class_from_file' C:\chef\cookbooks\openssl\resources\x509.rb:19:inblock in class_from_file'

  Resource Declaration:

  In C:\chef\cookbooks\esri-iis\recipes\default.rb

  42: openssl_x509 node['arcgis']['iis']['keystore_file'].gsub(/.pfx/, '.pem') do 43: common_name node['arcgis']['iis']['domain_name'] 44: org 'test' 45: org_unit 'dev' 46: country 'US' 47: expire 365 48: only_if { !::File.exist?(node['arcgis']['iis']['keystore_file']) } 49: notifies :run, 'ruby_block[Convert to PKCS12]', :immediately 50: end 51:

  Compiled Resource:

  Declared in C:\chef\cookbooks\esri-iis\recipes\default.rb:42:in `from_file'

  openssl_x509("C:\keystore\mydomain_com.pem") do action [:create] retries 0 retry_delay 2 default_guard_interpreter :default declared_type :openssl_x509 cookbook_name :"esri-iis" recipe_name "default" common_name "Sandbox.arcgisonline.cn" org "test" org_unit "dev" country "US" expire 365 key_file "C:\keystore/mydomain_com.key" only_if { #code block } end Running handlers: [2017-05-04T09:22:09+08:00] ERROR: Running exception handlers Running handlers complete [2017-05-04T09:22:09+08:00] ERROR: Exception handlers complete Chef Client failed. 9 resources updated in 01 minutes 25 seconds [2017-05-04T09:22:09+08:00] FATAL: Stacktrace dumped to C:/chef/cache/chef-stacktrace.out [2017-05-04T09:22:09+08:00] FATAL: Errno::ENOENT: openssl_x509[C:\keystore\mydomain_com.pem] (esri-iis::default line 4 had an error: Errno::ENOENT: No such file or directory - C:/projects/openssl/knap-build/var/knapsack/software/x86-win ws/openssl/1.0.1p/ssl/openssl.cnf }

[pbobov]

esri-iis and arcgis-enterprise cookbooks only support SSL certificates in PKCS12 format (*.pfx certificate files with private key).

Though this issue probably caused by a different problem. It looks like Chef is using OpenSSL from C:/projects/openssl instead of using the one embedded in Chef-Client.

[peterMaa]

Thx，my Chef-Client v12.5.1，i finished the webgis-windows installation by skipping all the ‘Configure HTTPS’。