sslchef-infraberkshelf

Use Berkshelf with custom CA certificate


I have a custom Chef server on premises with a TLS certificate that is signed by our own CA server. I added the CA certificate to .chef/trusted_certs and now knife ssl verify works fine.

But when I try to upload cookbooks using Berksfile I run into the following error:

$ berks upload
E, [2016-03-26T15:02:18.290419 #8629] ERROR -- : Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
E, [2016-03-26T15:02:18.291025 #8629] ERROR -- : /Users/chbr/.rvm/gems/ruby-2.3-head@global/gems/celluloid-0.16.0/lib/celluloid/responses.rb:29:in `value'

I have tried to append the CA certificate to /ops/chefdk/embedded/ssl/certs/cabundle.pem but it made no difference.


Solution

  • Create a custom CA bundle file and then set $SSL_CERT_FILE (or $SSL_CERT_DIR if you want to use that format) in your environment.