我目前正在运行Chef服务器。
有两种方法可以访问服务器:
<HOSTNAME_OF_SERVER_OR_FQDN>
OR
<ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>
当我尝试运行knife ssl check时,我得到:
root@host:/opt/chef-server/embedded/jre# knife ssl check
Connecting to host <ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>:443
ERROR: The SSL certificate of <HOSTNAME_OF_SERVER_OR_FQDN> could not be verified
Certificate issuer data: /C=US/ST=MA/L=Boston/O=YouCorp/OU=Operations/CN=<HOSTNAME_OF_SERVER_OR_FQDN>.com/[email protected]
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.1p 9 Jul 2015
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"
我希望knife ssl check命令成功。基本上我希望它能够使用<ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>成功连接
如何将CNAME添加到我认为是/opt/chefdk/embedded/ssl/cert.pem的当前证书中?
关于证书文件的一个奇怪的方面是,当我尝试读取它并为主机名或CNAMES grep时,我找不到:
# /opt/chef-server/embedded/jre/bin/keytool -printcert -file /opt/chefdk/embedded/ssl/cert.pem | grep <ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>
No result
# /opt/chef-server/embedded/jre/bin/keytool -printcert -file /opt/chefdk/embedded/ssl/cert.pem | grep <HOSTNAME_OF_SERVER_OR_FQDN>
No result
this is how i did it in the past
可以将Chef服务器配置为通过将以下设置添加到服务器配置文件来使用SSL证书
例如:
nginx['ssl_certificate'] = "/etc/pki/tls/certs/your-host.crt"nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-host.key"保存该文件,然后运行以下命令:
$ sudo chef-server-ctl reconfigure