{"id":1134,"date":"2014-12-28T10:00:10","date_gmt":"2014-12-28T16:00:10","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/?p=1134"},"modified":"2014-12-28T10:03:35","modified_gmt":"2014-12-28T16:03:35","slug":"replacing-chefs-self-signed-certificates","status":"publish","type":"post","link":"https:\/\/www.nathanhunstad.com\/blog\/2014\/12\/replacing-chefs-self-signed-certificates\/","title":{"rendered":"Replacing Chef&#8217;s self-signed certificates"},"content":{"rendered":"<p>Having gotten my <a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/08\/adventures-in-networking-setting-up-a-home-network-with-edgeos\/\" target=\"_blank\">home network and logging<\/a> to a point where I wanted it, my next project was going to be Chef. Life intervened before I got too much involved with Chef, but now that things are approaching a sense of normalcy, I\u2019m trying to pick up where I left off. My ultimate goal is to set up my CentOS server as a Chef server, and control my virtual machines via Chef automation. One minor speed bump along the way was the web interface for Chef, which uses self-signed certificates and so gave me the annoying warning when accessing it. I fixed that problem by replacing the certs with my own, below the fold.<\/p>\n<p><!--more--><\/p>\n<p>Chef server is itself configured by Chef, which makes it not too difficult to make changes. However, I still had some problems with figuring out where to put the certificates so that nginx, the web server that Chef uses, could find them. After messing around for a bit, I came across <a href=\"http:\/\/bealetech.com\/blog\/2013\/06\/14\/custom-ssl-certificates-with-chef-11-server\/\" target=\"_blank\">this excellent tutorial<\/a>. 
Using the PKI hierarchy <a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/08\/setting-up-a-pki\/\" target=\"_blank\">I set up earlier<\/a>, I created a new key, signed it, installed it, and pointed Chef at that location.<\/p>\n<p>Before everything worked, I had to make one minor tweak: Chef uses the fully-qualified domain name (FQDN) as the server name. Ohai grabs this from the hosts file, and I had \u201clocalhost\u201d set as the first hostname, which is the one it grabs. That\u2019s not the name on the certificate, so I had to move my server name first in the hosts file, before localhost. Easy enough.<\/p>\n<p>With all that in place and a \u201cchef-server-ctl reconfigure\u201d command executed, I have a proper certificate path in place. Next time, I hope to start making some recipes to create my VMs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Having gotten my home network and logging to a point where I wanted it, my next project was going to be Chef. Life intervened before I got too much involved with Chef, but now that things are approaching a sense of normalcy, I\u2019m trying to pick up where I left off. 
My ultimate goal is&hellip; <a class=\"more-link\" href=\"https:\/\/www.nathanhunstad.com\/blog\/2014\/12\/replacing-chefs-self-signed-certificates\/\">Continue reading <span class=\"screen-reader-text\">Replacing Chef&#8217;s self-signed certificates<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[267,259],"class_list":["post-1134","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-chef","tag-pki","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=1134"}],"version-history":[{"count":2,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1134\/revisions"}],"predecessor-version":[{"id":1137,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1134\/revisions\/1137"}],"wp:attachment":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=1134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=1134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/tags?post=1134"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}