Pen*_*nsu 2 ssl openssl rackspace amazon-web-services chef-infra
我想在厨师服务器上上传一些食谱.我使用我的笔记本电脑作为工作站,使用opscode.com的托管主厨作为主厨服务器.现在,当我尝试将cookbook从我的工作站上传到chef-server时,我收到以下错误:
错误:SSL验证失败连接到主机:s3-external-1.amazonaws.com - SSL_connect返回= 6 errno = 0状态= SSLv3读取完成错误:OpenSSL :: SSL :: SSLError:SSL_connect返回= 6 errno = 0状态= SSLv3读完了A.
我正在使用来自rackspace私有云的cookbook:http://www.rackspace.com/knowledge_center/article/installing-openstack-with-rackspace-private-cloud-tools
我正在使用v4.2.1的烹饪书.请帮我弄清楚问题所在.
谢谢.
错误:SSL验证失败连接到主机:s3-external-1.amazonaws.com - SSL_connect返回= 6 errno = 0状态= SSLv3读取完成错误:OpenSSL :: SSL :: SSLError:SSL_connect返回= 6 errno = 0状态= SSLv3读完了A.
适合我.
确保你拥有并且信任Class 3 Public Primary Certification Authority.您可以Class 3 Public Primary Certification Authority从Symantec的许可和根证书使用中获得.特别是,获取Root 3 VeriSign Class 3主CA-G5.
然后,用OpenSSL测试它s_client.您下载并信任的根PCA-3G5.pem,并通过以下-CAfile选项将其提供给OpenSSL :
$ openssl s_client -CAfile PCA-3G5.pem -connect s3-external-1.amazonaws.com:443
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = Amazon.com Inc., CN = *.s3-external-1.amazonaws.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-external-1.amazonaws.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
...
Start Time: 1392896325
Timeout : 300 (sec)
Verify return code: 0 (ok)
如果您只是进行临时测试,可以通过在knife.rb文件中添加以下两行来禁用SSL验证:
verify_api_cert false
ssl_verify_mode :verify_none
但是,如果你正在建立一个真正的服务器,你应该得到一个真正的证书:)
| 归档时间: |
|
| 查看次数: |
5054 次 |
| 最近记录: |