Add custom signed certificates to Chef server 12
Pretty simple request and a simple answer.
Under /etc/opscode is a file called chef-server.rb, which is probably empty. You can append the following values to it or, if the file is empty, run the script below (substituting your certificate and key names). Note that the script overwrites the file rather than appending to it.
```bash
cat >/etc/opscode/chef-server.rb <<EOL
nginx['ssl_certificate'] = "/etc/pki/tls/private/<your-certificate-file>.cer"
nginx['ssl_certificate_key'] = "/etc/pki/tls/private/<your-private-key-file>.key"
nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
EOL
```
If this is a fresh OS install you may need to make the directory /etc/pki/tls/private before you move your certificate files.
```bash
mkdir -p /etc/pki/tls/private
```
Once this is done, run:
```bash
chef-server-ctl reconfigure
opscode-manage-ctl reconfigure
```
Complete!
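A pre-flight check worth running before the reconfigure commands above, as an added example that is not part of the original post: it reads the certificate and key paths from chef-server.rb, confirms the key belongs to the certificate, that the certificate has not expired and that the key is not readable by group or other, and warns when ssl_protocols still lists TLS versions older than 1.2 (TLSv1 and TLSv1.1 are deprecated by RFC 8996). The function names are this example's own, and it assumes PEM-encoded files, the openssl CLI and GNU stat.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the TLS settings in chef-server.rb.
# Function names are this example's own. Assumes PEM files, openssl, GNU stat.

# Print the quoted value of nginx['<key>'] from a chef-server.rb file.
conf_value() {  # usage: conf_value <file> <key>
  sed -n "s/^[[:space:]]*nginx\['$2'\][[:space:]]*=[[:space:]]*[\"']\(.*\)[\"'][[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Succeed only if the protocol list contains nothing older than TLS 1.2.
protocols_ok() {  # usage: protocols_ok "<ssl_protocols value>"
  local p
  for p in $1; do
    case "$p" in SSLv2|SSLv3|TLSv1|TLSv1.1) return 1 ;; esac
  done
  return 0
}

# Succeed only if the certificate and the private key share one public key.
pair_matches() {  # usage: pair_matches <cert.pem> <key.pem>
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all checks on one config file; prints findings, returns 1 on any FAIL.
check_chef_tls() {  # usage: check_chef_tls [/etc/opscode/chef-server.rb]
  local conf="${1:-/etc/opscode/chef-server.rb}" cert key rc=0
  cert=$(conf_value "$conf" ssl_certificate)
  key=$(conf_value "$conf" ssl_certificate_key)
  [ -r "$cert" ] || { echo "FAIL: certificate not readable: $cert"; rc=1; }
  [ -r "$key" ]  || { echo "FAIL: private key not readable: $key"; rc=1; }
  if [ "$rc" -eq 0 ]; then
    pair_matches "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
      { echo "FAIL: certificate expired or not parsable as PEM"; rc=1; }
    case $(stat -c %a "$key") in *00) ;; *) echo "FAIL: key readable by group/other"; rc=1 ;; esac
  fi
  protocols_ok "$(conf_value "$conf" ssl_protocols)" ||
    echo "WARN: ssl_protocols enables a TLS version older than 1.2"
  return "$rc"
}
```

Source the file and call `check_chef_tls` with no argument to check /etc/opscode/chef-server.rb; a mismatched key is otherwise only discovered when nginx fails to start after the reconfigure.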