search

chef / knife-windows

Plugin for Chef's knife tool for working with Windows nodes
Apache License 2.0
152 stars 110 forks source link

Certificate error on windows machine bootstrap #408

Closed Roviluca closed 7 years ago

Roviluca commented 7 years ago

Hello, I'm having some trouble bootstrapping windows machines because of this error on ssl certificates:

knife bootstrap windows winrm servername -E environment -x 'domain\user' -r 'role[xxx]' 

INFO: *** Chef 12.15.19 ***
INFO: Platform: x64-mingw32
INFO: Chef-client pid: 2040
INFO: Client key C:\chef\client.pem is not present - registering
ERROR: SSL Validation failure connecting to host: mychefserver.domain.lcl - SSL_connect returned=1 errno=0 state=error: certificate verify failed

================================================================================
Chef encountered an error attempting to create the client "servername.domain.lcl"
================================================================================

Platform:
---------
x64-mingw32

ERROR: Running exception handlers
ERROR: Exception handlers complete
FATAL: Stacktrace dumped to c:/chef/cache/chef-stacktrace.out
FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
FATAL: OpenSSL::SSL::SSLError: SSL Error connecting to https://mychefserver.domain.lcl/organizations/org_name/clients - SSL_connect returned=1 errno=0 state=error: certificateverify failed
ERROR: Failed to execute command on servername return code 1

this error started when we upgraded to chefdk 0.19.6 from 0.15.16 (skipped the other versions between the two). i think this is caused by chefdk not copying trusted certs to the bootrapped machine because the workaround to copy trusted_certs manually worked. I expect to have the trusted cert folder copied from my local machine to the bootstrapped windows node.

here some additional details on versions: working one:

> chef -v
Chef Development Kit Version: 0.15.16
chef-client version: 12.11.18
delivery version: master (444effdf9c81908795e88157f01cd667a6c43b5f)
berks version: 4.3.5
kitchen version: 1.10.0

> chef gem  list knife-windows
*** LOCAL GEMS ***

knife-windows (1.7.0, 1.4.1)

not working one:

> chef -v
Chef Development Kit Version: 0.19.6
chef-client version: 12.15.19
delivery version: master (802e801d920ea6b6d48db735aa7c6e7a6194bea4)
berks version: 5.1.0
kitchen version: 1.13.2
> chef gem list knife-windows

*** LOCAL GEMS ***

knife-windows (1.7.0)

Thanks.

jdpc02 commented 7 years ago

Take a look at issue 404. There is a fix in there for this issue. I have requested that the fix be incorporated in the next build.

Roviluca commented 7 years ago

thanks, I'll close this one and join you on issue #404 .