{"id":1134,"date":"2014-12-28T10:00:10","date_gmt":"2014-12-28T16:00:10","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/?p=1134"},"modified":"2014-12-28T10:03:35","modified_gmt":"2014-12-28T16:03:35","slug":"replacing-chefs-self-signed-certificates","status":"publish","type":"post","link":"https:\/\/www.nathanhunstad.com\/blog\/2014\/12\/replacing-chefs-self-signed-certificates\/","title":{"rendered":"Replacing Chef’s self-signed certificates"},"content":{"rendered":"

Having gotten my home network and logging<\/a> to a point where I wanted it, my next project was going to be Chef. Life intervened before I got too much involved with Chef, but now that things are approaching a sense of normalcy, I\u2019m trying to pick up where I left off. My ultimate goal is to set up my CentOS server as a Chef server, and control my virtual machines via Chef automation. One minor speed bump along the way was the web interface for Chef, which uses self-signed certificates and so gave me the annoying warning when accessing it. I fixed that problem by replacing the certs with my own, below the fold.<\/p>\n

<\/p>\n

Chef server is itself configured by Chef, which makes it not too difficult to make changes. However, I still had some problems with figuring out where to put the certificates so that nginx, the web server that Chef uses, could find them. After messing around for a bit, I came across this excellent tutorial<\/a>. Using the PKI hierarchy I set up earlier<\/a>, I created a new key, signed it, installed it, and pointed Chef at that location.<\/p>\n

Before everything worked, I had to make one minor tweak: Chef uses the fully-qualified domain name (FQDN) as the server name. Ohai grabs this from the hosts file, and I had \u201clocalhost\u201d set as the first hostname, which is the one it grabs. That\u2019s not the name on the certificate, so I had move my server name first in the hosts file, before localhost. Easy enough.<\/p>\n

With all that in place and a \u201cchef-server-ctl reconfigure\u201d command executed, I have a proper certificate path in place. Next time, I hope to start making some recipes to create my VMs.<\/p>\n","protected":false},"excerpt":{"rendered":"

Having gotten my home network and logging to a point where I wanted it, my next project was going to be Chef. Life intervened before I got too much involved with Chef, but now that things are approaching a sense of normalcy, I\u2019m trying to pick up where I left off. My ultimate goal is… Continue reading Replacing Chef’s self-signed certificates<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[267,259],"class_list":["post-1134","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-chef","tag-pki","entry"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t