LoginSignup
4

More than 5 years have passed since last update.

chefのssl verify warning

Posted at

man in the middle atack対策として、chef 11.12系からssl verifyが出来るようになった様です。

SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true

To check your SSL configuration, or troubleshoot errors, you can use the
knife ssl check command like so:

  knife ssl check -c /home/webadmin/chef-solo/solo.rb

ワーニングを放置するのもうざいので、言われた通り設定します。

対応

$ vim .chef/knife.rb

ssl_verify_mode :verify_peer

これでok

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
4