2014-02-20 85 views
2

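I am trying to upload some cookbooks to a Chef server. I am using my laptop as the workstation and hosted Chef from opscode.com as the Chef server. Now, when I try to upload the cookbooks from the workstation to the Chef server, I get the following error: SSL validation failure connecting to host

ERROR: SSL Validation failure connecting to host: s3-external-1.amazonaws.com - SSL_connect returned=6 errno=0 state=SSLv3 read finished A ERROR: OpenSSL::SSL::SSLError: SSL_connect returned=6 errno=0 state=SSLv3 read finished A

I am using Rackspace's private cloud cookbooks: http://www.rackspace.com/knowledge_center/article/installing-openstack-with-rackspace-private-cloud-tools

I am using v4.2.1 of the cookbooks. Please help me figure out this issue.

Thanks.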

Answers

6

ERROR: SSL Validation failure connecting to host: s3-external-1.amazonaws.com - SSL_connect returned=6 errno=0 state=SSLv3 read finished A ERROR: OpenSSL::SSL::SSLError: SSL_connect returned=6 errno=0 state=SSLv3 read finished A

Works for me.

Make sure you have and trust the Class 3 Public Primary Certification Authority. You can get the Class 3 Public Primary Certification Authority from Symantec's Licensing and Use of Root Certificates. Specifically, fetch Root 3 VeriSign Class 3 Primary CA - G5

Then, test with OpenSSL's s_client. The root you downloaded and trusted is PCA-3G5.pem, and you supply it to OpenSSL via the -CAfile option:

$ openssl s_client -CAfile PCA-3G5.pem -connect s3-external-1.amazonaws.com:443 
CONNECTED(00000003) 
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority 
verify return:1 
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 
verify return:1 
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3 
verify return:1 
depth=0 C = US, ST = Washington, L = Seattle, O = Amazon.com Inc., CN = *.s3-external-1.amazonaws.com 
verify return:1 
--- 
Certificate chain 
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-external-1.amazonaws.com 
    i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 
    i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 
    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 
--- 
Server certificate 
... 
    Start Time: 1392896325 
    Timeout : 300 (sec) 
    Verify return code: 0 (ok) 
+0

Worked for me. Thanks for your help! – Pensu

+3

Thank you SOOO much for not recommending users turn off SSL verification :) – sethvargo

+1

@sethvargo - Never. I'm gritting my teeth talking about trusting public CAs ;). (I wrote these: [Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning) and [Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)). – jww

6

If you are just doing a temporary test, you can disable SSL verification by adding the following 2 lines to your knife.rb file:

verify_api_cert false 
ssl_verify_mode :verify_none 

But again, if you are building a real server, you should get a real certificate :)
