Berks install SSL_Connect Certification Verify failed (Faraday:SSLError)

Question

As part of a cookbook(newbie) i am trying to write, i was using berks to install the dependencies from other cookbooks and eventually when i am running berks install, i am encountering certificate verification errors. Can any one help me to know what could be going wrong and how i could resolve this issue.Thank you

chef environment:

Chef Development Kit Version: 0.12.0 chef-client version: 12.8.1 berks version: 4.3.0 kitchen version: 1.6.0

berkshelf

berks -v 4.3.0

berks install - Error

/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/ssl_socket.rb:46:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (Faraday::SSLError)
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/ssl_socket.rb:46:in `ssl_connect'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/ssl_socket.rb:24:in `create_socket'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/session.rb:739:in `block in connect'
from /opt/chefdk/embedded/lib/ruby/2.1.0/timeout.rb:91:in `block in timeout'
from /opt/chefdk/embedded/lib/ruby/2.1.0/timeout.rb:101:in `call'
from /opt/chefdk/embedded/lib/ruby/2.1.0/timeout.rb:101:in `timeout'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/session.rb:735:in `connect'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/session.rb:497:in `query'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient/session.rb:170:in `query'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient.rb:1238:in `do_get_block'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.1/lib/httpclient.rb:1021:in `block in do_request'
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-2.7.

Possible duplicate of [Use Berkshelf with custom CA certificate](http://stackoverflow.com/questions/36236213/use-berkshelf-with-custom-ca-certificate) — StephenKing, Apr 14 '16 at 14:07
[Related or duplicate](http://stackoverflow.com/questions/25604784/chef-berkshelf3-proxy-settings-windows-platform/25605415#25605415) — Tensibai, Apr 14 '16 at 14:15
@StephenKing I tried setting my environment variable to the /opt/chefdk/embedded/ssl/certs. when i ran `knife client list` i was getting this error "WARNING: No knife configuration file found WARN: Failed to read the private key /etc/chef/client.pem: # ERROR: Your private key could not be loaded from /etc/chef/client.pem" — bablu, Apr 14 '16 at 15:15
Well, you haven't [configured knife](https://docs.chef.io/config_rb_knife.html).. — StephenKing, Apr 14 '16 at 15:59
Definitely a duplicate of that first one. Same answer applies. — coderanger, Apr 14 '16 at 16:49

score 12 · Accepted Answer · answered Apr 14 '16 at 19:53

chefdk is a collection of tools bundled up together, though you do not have to use it, i don't, and you can bundle them together yourself.

i assume you have a Gemfile within your chef repository. if you don't, then you can easily create one by executing bundle init. now use the Gemfile to specify which version of berkshelf you would like to use. once you have it, execute bundle install. if everything goes smoothly, bundle exec berks configure should work for you. you can configure it not to use ssl, or just place ~/.berkshelf/config.json with the following content:

{
  "ssl": {
    "verify": false
  }
}

hope this will resolve your issue.

Thank you @MrRoth. Turning down the ssl verification to false resolved my issue with downloading cookbook dependencies through berkshelf. — bablu, Apr 27 '16 at 21:27

score 2 · Answer 2 · answered Sep 19 '16 at 12:01

2

Here, using berks 4.3.5, the following worked :

{
  "ssl": {
    "verify": false
  },
  "ssl.verify": false
}

answered Sep 19 '16 at 12:01

Joris

21
1

Berks install SSL_Connect Certification Verify failed (Faraday:SSLError)

2 Answers2