I'm using chefDK with the following versions:
Chef Development Kit Version: 0.17.17
chef-client version: 12.13.37
delivery version: master (f68e5c5804cd7d8a76c69b926fbb261e1070751b)
berks version: 4.3.5
kitchen version: 1.11.1
Chef connection to the server seems to work fine with knife as I can run all the commands correctly. But when I run the
berks upload
command I get this error
Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I had this problem also with the knife command but I resolved it when I copied my certificate in the default path ~/.chef/trusted_certs/
I can solve the problem with the certificate setting the environment variable SSL_CERT_FILE pointing to the certificate file but I cannot use this permanently because if it is set I have another error running the command
berks vendor
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.2/lib/httpclient/ssl_socket.rb:46:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (Faraday::SSLError)
So basically I have to continuously set and unset that variable in order to work properly, which as can you imagine is quite annoying.
How can I configure properly berkshelf to work?
Thanks, Michele.
Unfortunately Berkshelf uses its own HTTP client layers so it doesn't (yet?) support Chef's trusted_certs/
folder. This means you have to do things the old-school OpenSSL way with $SSL_CERT_FILE
or $SSL_CERT_DIR
. As Tensibai mentioned, you would need to build a new trust DB for OpenSSL one way or another. It's not a direct equivalence but I will mention for the record that the Policyfile tools do support trusted_certs/
.