我正在尝试在厨师服务器上上传一些食谱。我使用我的笔记本电脑作为工作站,使用opscode.com上的托管主厨作为主厨服务器。现在,当我尝试将cookbook从我的工作站上传到chef-server时,我收到以下错误:
错误:连接到主机的SSL验证失败:s3-external-1.amazonaws.com - SSL_connect返回= 6 errno = 0状态= SSLv3读取完成A 错误:OpenSSL :: SSL :: SSLError:SSL_connect返回= 6 errno = 0状态= SSLv3读完了A
我正在使用rackspace私有云中的cookbook:http://www.rackspace.com/knowledge_center/article/installing-openstack-with-rackspace-private-cloud-tools
我正在使用烹饪书的v4.2.1。请帮我弄清楚问题所在。
感谢。
答案 0 :(得分:6)
错误:连接到主机的SSL验证失败: s3-external-1.amazonaws.com - SSL_connect返回= 6 errno = 0 state = SSLv3 read finished A ERROR:OpenSSL :: SSL :: SSLError:SSL_connect 返回= 6 errno = 0状态= SSLv3读完了A
适合我。
确保您拥有并信任Class 3 Public Primary Certification Authority
。您可以从赛门铁克Licensing and Use of Root Certificates获取Class 3 Public Primary Certification Authority
。特别是,请抓取Root 3 VeriSign Class 3 Primary CA - G5。
然后,使用OpenSSL的s_client
进行测试。您下载并信任的根目录为PCA-3G5.pem
,您可以通过-CAfile
选项将其提供给OpenSSL:
$ openssl s_client -CAfile PCA-3G5.pem -connect s3-external-1.amazonaws.com:443
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 Secure Server CA - G3
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = Amazon.com Inc., CN = *.s3-external-1.amazonaws.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=*.s3-external-1.amazonaws.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
...
Start Time: 1392896325
Timeout : 300 (sec)
Verify return code: 0 (ok)
答案 1 :(得分:6)
如果您只是进行临时测试,可以通过在 knife.rb 文件中添加以下两行来禁用SSL验证:
verify_api_cert false
ssl_verify_mode :verify_none
但是,如果你要建立一个真正的服务器,你应该得到一个真正的证书:)