gpt4 book ai didi

ssl - 修改 Chef Server 的 SSL 证书

转载 作者:太空宇宙 更新时间:2023-11-03 14:29:01 24 4
gpt4 key购买 nike

我目前正在运行 Chef 服务器。

有两种方式访问​​服务器:

<HOSTNAME_OF_SERVER_OR_FQDN>
OR
<ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>

当我尝试运行 knife ssl check 时,我得到:

root@host:/opt/chef-server/embedded/jre# knife ssl check
Connecting to host <ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>:443
ERROR: The SSL certificate of <HOSTNAME_OF_SERVER_OR_FQDN> could not be verified
Certificate issuer data: /C=US/ST=MA/L=Boston/O=YouCorp/OU=Operations/CN=<HOSTNAME_OF_SERVER_OR_FQDN>.com/emailAddress=you@example.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1p 9 Jul 2015
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"

我想要 knife ssl check命令成功。基本上我希望它能够使用 <ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME> 成功连接

如何将 CNAME 添加到我认为是 /opt/chefdk/embedded/ssl/cert.pem 的当前证书中?

关于证书文件的一个奇怪方面是,当我尝试读取它并用 grep 查找主机名或 CNAMES 时,我没有找到任何内容:

# /opt/chef-server/embedded/jre/bin/keytool  -printcert -file /opt/chefdk/embedded/ssl/cert.pem | grep <ACTUAL_URL_THAT_SHOULD_BE_OR_CNAME>
No result

# /opt/chef-server/embedded/jre/bin/keytool -printcert -file /opt/chefdk/embedded/ssl/cert.pem | grep <HOSTNAME_OF_SERVER_OR_FQDN>
No result

最佳答案

this is how i did it in the past

The Chef server can be configured to use SSL certificates by adding the following settings to the server configuration file

For example:

nginx['ssl_certificate'] = "/etc/pki/tls/certs/your-host.crt" nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-host.key"

Save the file, and then run the following command:

$ sudo chef-server-ctl reconfigure

关于ssl - 修改 Chef Server 的 SSL 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54352490/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com