chef-boneyard / knife-container

DEPRECATED: Container support for Chef's Knife Command
Apache License 2.0

Self-signed ssl cert doesn't work, even though it's in my trusted_certs dir #51

Open wfindley opened 9 years ago

wfindley commented 9 years ago

I have my self-signed cert downloaded.

➜  knife ssl fetch                  
WARNING: Certificates from chef-virtualspring-iad.clearspring.local will be fetched and placed in your trusted_cert directory (/home/findley/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should verify the authenticity of these certificates after downloading.

Adding certificate for chef-virtualspring-iad.clearspring.local in /home/findley/.chef/trusted_certs/chef-virtualspring-iad_clearspring_local.crt

Knife ssl seems to check out.

➜  knife ssl check                  
Connecting to host chef-virtualspring-iad.clearspring.local:443
Successfully verified certificates from `chef-virtualspring-iad.clearspring.local'

But my container build fails.

➜  knife container docker build bill | grep SSL    
[2014-12-31T17:39:15+00:00] ERROR: SSL Validation failure connecting to host: chef-virtualspring-iad - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
[2014-12-31T17:39:15+00:00] ERROR: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
WARNING: Could not find a node named bill-build to delete!
WARNING: Could not find a client named bill-build to delete!

vardaofthevalier commented 9 years ago

I'm having the same problem right now, and can't seem to resolve it by simply regenerating the certificate on the Chef Server. Have you made any progress on this since you opened the issue?

mar-io commented 9 years ago

I fixed this by running 'knife ssl fetch'

This creates in your hidden chef folder .chef/trusted_certs

Copy that entire folder into the secure folder for the docker container that was auto-generated. In my case it was cp -r .chef/trusted_certs dockerfiles/sensu/chef/secure/.

mar-io commented 9 years ago

Or just make sure to run knife ssl fetch before you create the container with knife-container
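
Added example, not part of the thread or of knife-container's own code: `knife ssl fetch` warns above that it cannot verify what it downloads, so this sketch copies `trusted_certs` into the Docker context (the copy step described in the comments) only when every certificate file matches a hash you recorded after checking the certificate out of band. The function name, the pin file and its `sha256sum`-style format are assumptions of this example.

```shell
#!/bin/sh
# Added example: copy knife's trusted_certs into a knife-container Docker
# context only if every certificate file matches a pinned SHA-256.
# Pin file format (assumption of this example): "<sha256-hex>  <file name>",
# i.e. sha256sum output recorded after verifying the cert out of band.

# sync_trusted_certs SRC_DIR DEST_DIR PIN_FILE
# Returns 0 and copies the certs when all match; returns 1 and copies
# nothing when a cert is unpinned, changed, or no cert is present.
sync_trusted_certs() {
    src=$1 dest=$2 pins=$3
    [ -d "$src" ] && [ -r "$pins" ] || { echo "missing $src or $pins" >&2; return 1; }

    found=0
    for crt in "$src"/*.crt; do
        [ -f "$crt" ] || continue          # glob matched nothing
        found=1
        name=$(basename "$crt")
        actual=$(sha256sum "$crt" | awk '{print $1}')
        # Exact match on the file-name column of the pin file.
        expected=$(awk -v n="$name" '$2 == n {print $1; exit}' "$pins")
        if [ -z "$expected" ]; then
            echo "REFUSED: $name has no pinned hash" >&2; return 1
        fi
        if [ "$actual" != "$expected" ]; then
            echo "REFUSED: $name hash $actual != pinned $expected" >&2; return 1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no .crt files in $src" >&2; return 1; }

    # All certs verified: copy them next to the container's other secure files.
    mkdir -p "$dest/trusted_certs" && cp "$src"/*.crt "$dest/trusted_certs/"
}

# Usage with the paths from the thread (run from the directory holding .chef):
#   sync_trusted_certs .chef/trusted_certs dockerfiles/sensu/chef/secure pins.sha256
```

Record the pin file once with `sha256sum *.crt` inside `trusted_certs` after confirming the certificate with whoever runs the Chef Server; a later fetch that returns a different certificate then fails the build step instead of being trusted silently.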