Information Technology Reference
In-Depth Information
dow. Also make sure that you remembered to click on the
Load JSON from Source
button,
and make sure the json tree rendered on the left matches the figure exactly.
Because we are using a self-signed certificate, we need to set one more attribute setting. We
need to tell the SSL library on the node that we trust the self-signed server certificate. In pro-
duction, you'd do this by writing a recipe that adds the custom certificate to the certificate
store. If you are using OpenSSL on your node, you will need to copy the certificate to the
SSL_CERT_DIR
, the directory where trusted certificates are stored, and run
c_rehash
to re-
gister the self-signed certificate.
Figure 10-7. Click on the icon to update the attribute setting in the json tree, then click on Save
Node
In our test setup, we simulate this with the synchronized folder we set up for the node that
we configured in
Chapter 9
. The synchronized folder makes the certificate we have in
chef-
repo/.chef/trusted_certs
locally on our host available on the node. This directory was set up
when you ran
knife ssl fetch
.
Go back to the Chef Server web interface, and add the
ssl_ca_file
attribute to the node.
Copy and paste the following JSON source:
{
"chef_client"
: {