inspec failing to connect to Compliance (SSL certificate error) #531

Closed
iiro opened this issue Mar 10, 2016 · 5 comments

iiro commented Mar 10, 2016

Hi,

Is there a workaround to make inspec accept self-signed SSL certificates?

# inspec compliance login https://my.hostname --user=username --password=pass
/opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `block in connect'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `connect'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:852:in `start'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:583:in `start'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/bundles/inspec-compliance/api.rb:128:in `send_request'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/bundles/inspec-compliance/api.rb:104:in `post'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/bundles/inspec-compliance/api.rb:18:in `login'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/bundles/inspec-compliance/cli.rb:17:in `login'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:115:in `invoke'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:235:in `block in subcommand'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/bin/inspec:166:in `<top (required)>'
    from /opt/chefdk/embedded/bin/inspec:22:in `load'
    from /opt/chefdk/embedded/bin/inspec:22:in `<main>'
@srenatus
Contributor

Hello @iiro!

Thanks for your report. Indeed, Inspec 0.15.0 has an --insecure flag for this:

$ inspec compliance help login
Usage:
  inspec login SERVER --password=PASSWORD --user=USER

Options:
      --user=USER                   # Chef Compliance Username
      --password=PASSWORD           # Chef Compliance Password
  k, [--insecure], [--no-insecure]  # Explicitly allows InSpec to perform "insecure" SSL connections and transfers

Log in to a Chef Compliance SERVER
$

Does that work for you?

Cheers
Stephan
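
An added example, not part of the thread or of InSpec's code: the `certificate verify failed` error in the trace above is what Ruby's OpenSSL reports for a self-signed certificate that is missing from the trust store. The sketch shows the alternative to switching verification off, which is to keep `VERIFY_PEER` and trust that one certificate; the host name and generated certificates are constructed samples and the helper names are hypothetical.

```ruby
require 'openssl'
require 'net/http'

# Constructed sample: a throwaway self-signed certificate for the given name.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify a certificate against a store holding only the given trusted certs.
# Returns [ok, error_code]; nothing is read from the system CA bundle.
def verify_with(trusted, cert)
  store = OpenSSL::X509::Store.new
  trusted.each { |t| store.add_cert(t) }
  ok = store.verify(cert)
  [ok, store.error]
end

# Net::HTTP client that keeps peer verification on and trusts only `pinned`.
# Building the object opens no connection.
def pinned_client(host, pinned)
  store = OpenSSL::X509::Store.new
  store.add_cert(pinned)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store = store
  http
end

if __FILE__ == $PROGRAM_NAME
  server = self_signed_cert('compliance.example.test')   # hypothetical host
  imposter = self_signed_cert('compliance.example.test') # same name, different key
  p verify_with([], server)         # untrusted: verification fails
  p verify_with([server], server)   # pinned: verification passes
  p verify_with([server], imposter) # pinned store still rejects another cert
end
```

With the pinned store, a second self-signed certificate carrying the same name is still rejected, which is the check that disabling verification gives up.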

iiro commented Mar 10, 2016

Super! Works like a charm! :)

Thanks @srenatus ! :)

@iiro iiro closed this as completed Mar 10, 2016
@srenatus
Contributor

Good to hear. 👍

iiro commented Mar 14, 2016

Hi @srenatus,

Should this apply to inspec compliance exec too? We're getting this error when trying to run exec with a remote Compliance profile...

 # inspec compliance exec cis/cis-ubuntu-level1 -t ssh://ubuntu@hostname -i ~/.ssh/keypair_ec2 --sudo --insecure
/opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `block in connect'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:923:in `connect'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:852:in `start'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:313:in `open_http'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:724:in `buffer_open'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:210:in `block in open_loop'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:208:in `catch'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:208:in `open_loop'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:149:in `open_uri'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:704:in `open'
    from /opt/chefdk/embedded/lib/ruby/2.1.0/open-uri.rb:34:in `open'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/fetchers/url.rb:69:in `download_archive'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/fetchers/url.rb:97:in `initialize'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/fetchers/url.rb:22:in `new'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/fetchers/url.rb:22:in `resolve'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/bundles/inspec-compliance/target.rb:31:in `resolve'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/plugin_registry.rb:18:in `block in resolve'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/plugin_registry.rb:17:in `each'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/plugin_registry.rb:17:in `resolve'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/inspec/profile.rb:19:in `resolve_target'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/inspec/profile.rb:34:in `for_target'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/inspec/runner.rb:50:in `add_target'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:69:in `block in run_tests'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:69:in `each'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/utils/base_cli.rb:69:in `run_tests'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/lib/bundles/inspec-compliance/cli.rb:49:in `exec'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:115:in `invoke'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:235:in `block in subcommand'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
    from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/inspec-0.15.0/bin/inspec:165:in `<top (required)>'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/bin/inspec:22:in `load'
    from /Users/iiro/.chefdk/gem/ruby/2.1.0/bin/inspec:22:in `<main>'

iiro commented Mar 19, 2016

...or shall I raise a new issue? Has anyone bumped into this?
