Subject: Re: [chef] Private CA Server / SSL Error

When are you encountering this issue? when trying to bootstrap?
I had a similar problem to this due to our internal PKI not being publicly signed when trying install ruby gems, I took a copy of that cacerts.pem file and added it to my base cookbook as a template so it gets applied to all my nodes. All of the root certs in this file will outlive most of my servers but a huge amount of time so I just update my template as new versions of the chef-client are updated.

Alternately if you don't want to do that you could put your certs in a file and then append them to the end of that cacert.pem file using echo cert.file >> /opt/chef/embedded/ssl/certs/cacerts.pem

  Mark Hugley 2019-05-03, 18:37
  Mark Hugley 2019-05-01, 13:48