
I'm using ChefDK with the following versions:

Chef Development Kit Version: 0.17.17
chef-client version: 12.13.37
delivery version: master (f68e5c5804cd7d8a76c69b926fbb261e1070751b)
berks version: 4.3.5
kitchen version: 1.11.1

Chef connection to the server seems to work fine with knife as I can run all the commands correctly. But when I run the

berks upload

command I get this error

Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

I had this problem also with the knife command but I resolved it when I copied my certificate in the default path ~/.chef/trusted_certs/

I can solve the problem with the certificate by setting the environment variable SSL_CERT_FILE to point to the certificate file, but I cannot use this permanently because, if it is set, I get another error when running the command

berks vendor

/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.2/lib/httpclient/ssl_socket.rb:46:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (Faraday::SSLError)

So basically I have to continuously set and unset that variable in order to work properly, which as you can imagine is quite annoying.

How can I properly configure Berkshelf to work?

Thanks, Michele.

Mikyjpeg
  • 4
    Possible duplicate of [I have installed chef-dk and started using berkshelf but berks upload failed](http://stackoverflow.com/questions/27833419/i-have-installed-chef-dk-and-started-using-berkshelf-but-berks-upload-failed) – Tensibai Sep 23 '16 at 13:46
  • 2
    See the answers in the duplicate; mainly you'll have to paste your cert into the cacert.pem and set SSL_CERT_FILE to this cacert.pem to have both methods working. – Tensibai Sep 23 '16 at 13:48
  • It worked adding the cert to the file pointed to by the second answer. I wasn't sure the two things were related. Thanks. – Mikyjpeg Sep 25 '16 at 10:08

1 Answer

Unfortunately Berkshelf uses its own HTTP client layers so it doesn't (yet?) support Chef's trusted_certs/ folder. This means you have to do things the old-school OpenSSL way with $SSL_CERT_FILE or $SSL_CERT_DIR. As Tensibai mentioned, you would need to build a new trust DB for OpenSSL one way or another. It's not a direct equivalence but I will mention for the record that the Policyfile tools do support trusted_certs/.

coderanger
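One way to build the trust DB the answer and comments describe, as an added example that is not code from the original thread or from the Chef or Berkshelf projects. `SSL_CERT_FILE` replaces OpenSSL's default CA file rather than adding to it, so the bundle has to contain the public CAs as well as the Chef server certificate. The default paths, the `*.crt` glob and the output file name are assumptions to adjust for your install.

```bash
#!/usr/bin/env bash
# Added example: build a combined OpenSSL trust bundle for Berkshelf.
# Assumed locations (not from the thread): ChefDK's bundled CA file and a
# separate output file under ~/.chef/.
BASE_BUNDLE="${BASE_BUNDLE:-/opt/chefdk/embedded/ssl/certs/cacert.pem}"
TRUSTED_DIR="${TRUSTED_DIR:-$HOME/.chef/trusted_certs}"
OUT_BUNDLE="${OUT_BUNDLE:-$HOME/.chef/berks-ca-bundle.pem}"

# Number of PEM certificate blocks in a file.
count_certs() {
  grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# build_trust_bundle BASE OUT CERT...
# Writes BASE plus every CERT to OUT. OUT is rebuilt from scratch on each run,
# so re-running never duplicates entries, and BASE itself is never modified
# (edits made in place would be lost when ChefDK is upgraded).
build_trust_bundle() {
  local base="$1" out="$2" tmp cert
  shift 2
  [ -r "$base" ] || { echo "missing base bundle: $base" >&2; return 1; }
  tmp="$(mktemp "${out}.XXXXXX")" || return 1
  cat "$base" > "$tmp"
  for cert in "$@"; do
    # Refuse anything that is not a PEM certificate (missing, DER, or a key).
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
         grep -q -e 'PRIVATE KEY-----' "$cert"; then
      echo "not a PEM certificate: $cert" >&2
      rm -f "$tmp"
      return 1
    fi
    printf '\n' >> "$tmp"   # guard against a missing final newline
    cat "$cert" >> "$tmp"
  done
  chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Usage (left as comments so sourcing this file has no side effects):
#   build_trust_bundle "$BASE_BUNDLE" "$OUT_BUNDLE" "$TRUSTED_DIR"/*.crt
#   export SSL_CERT_FILE="$OUT_BUNDLE"    # e.g. in ~/.bashrc
#   berks upload && berks vendor
```

Before adding a certificate to the bundle, confirm it is the one your Chef server actually presents, since every certificate in this file becomes trusted for all hosts Berkshelf contacts.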