-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to bootstrap with windows-winrm over ssl #315
Comments
That is a terrible error message which should be fixed. I think the problem is that you need to use the .pem file and not the .pfx file in your bootstrap command. |
My issue is fixed and I am leaving some closing notes for other Chef users.
Thanks mwrock for the help! |
I'm reopening just to make sure we get a better error message when passing in a |
see #316 to address some of the ambiguity around where commands should be run and which file to use with the bootstrap command. I have also added an issue (WinRb/WinRM#156) to the WinRM gem about better error messages when the wrong certificate format is used. I think this addresses most of the issues @echandradhas had bootstrapping her node not to mention possibly many others who have not filed issues. Working with @echandradhas offline to resolve her issue, we hit a couple other snags such as errors when the NIC connection type of the node is set to public. I don't think that topic is specifically related to this gem but it would be great to have a chef walk through tutorial on SSL setup that we could reference here. (cc @tpetchel ) Also note: I wrote a blog post covering alot of the typical hangups related to winrm/ssl setup but its not incredibly chef specific. I also need to add the connection type nuances. |
One final note here, I just blogged about changing internet connection to get around errors when trying to enable WinRM here and updated my winrm troubleshooting post to reference it. |
fixes #315 and adds a little clarity to the certificate related command instructions
I am trying to bootstrap a windows node with WinRM over ssl and it gives me a bare error. Any clues. I did the following steps before bootstrapping to configure ssl and that seem to work. Is this a known issue?
knife windows cert generate --cert-passphrase "test" --hostname "servername.domainname.local" --output-file "server_cert.pfx"
Generated Certificates:
Certificate Thumbprint: d05CdasdadadadadaCFC6
c:\Chef\devops>knife windows cert install "server_cert.pfx" --cert-passphrase "test"
Adding certificate to the Windows Certificate Store...
Certificate added to Certificate Store
c:\Chef\devops>knife windows listener create --cert-passphrase "test" --hostname "servername.domainname.local" --cert-thumbprint "d05CdasdadadadadaCFC6"
WinRM listener created with Port: 5986 and CertificateThumbprint: d05CdasdadadadadaCFC6
knife bootstrap windows winrm -t ssl servername.domainname.local -x "admin" -P "adminpass" -f "server_cert.pfx"
It gives me the following error
ERROR: OpenSSL::X509::StoreError:
The text was updated successfully, but these errors were encountered: