knife ssl check
The knife ssl check subcommand is used to verify the SSL configuration for the Enterprise Chef and/or Open Source Chef servers, or at another location specified by a URL or URI.
Syntax
This subcommand has the following syntax:
Options
This subcommand has the following options:
- -a SSH_ATTR, --attribute SSH_ATTR
- The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.
- -A, --forward-agent
- Indicates that SSH agent forwarding is enabled.
- -c CONFIG_FILE, --config CONFIG_FILE
- The configuration file to use.
- -C NUM, --concurrency NUM
- The number of allowed concurrent connections.
- --chef-zero-port PORT
- The port on which chef-zero will listen.
- --[no-]color
- Indicates whether colored output will be used.
- -d, --disable-editing
- Indicates that $EDITOR will not be opened; data will be accepted as-is.
- --defaults
- Indicates that Knife will use the default value, instead of asking a user to provide one.
- -e EDITOR, --editor EDITOR
- The $EDITOR that is used for all interactive commands.
- -E ENVIRONMENT, --environment ENVIRONMENT
- The name of the environment. When this option is added to a command, the command will run only against the named environment.
- -F FORMAT, --format FORMAT
- The output format: summary (default), text, json, yaml, and pp.
- -G GATEWAY, --ssh-gateway GATEWAY
- The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.
- -h, --help
- Shows help for the command.
- -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
- The SSH identity file used for authentication. Key-based authentication is recommended.
- -k KEY, --key KEY
- The private key that Knife will use to sign requests made by the API client to the Chef server.
- -m, --manual-list
- Indicates that a search query is a space-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: --manual-list "server01 server 02 server 03"
- --[no-]host-key-verify
- Use --no-host-key-verify to disable host key verification. Default setting: --host-key-verify.
- OTHER
- The shell type. Possible values: interactive, screen, tmux, macterm, or cssh. (csshx is deprecated in favor of cssh.)
- -p PORT, --ssh-port PORT
- The SSH port.
- -P PASSWORD, --ssh-password PASSWORD
- The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) Knife will prompt for the password.
- --print-after
- Indicates that data will be shown after a destructive operation.
- -s URL, --server-url URL
- The URL for the Chef server.
- SEARCH_QUERY
- The search query used to return a list of servers to be accessed using SSH and the specified SSH_COMMAND. This option uses the same syntax as the search sub-command.
- SSH_COMMAND
- The command that will be run against the results of a search query.
- -u USER, --user USER
- The user name used by Knife to sign requests made by the API client to the Chef server. Authentication will fail if the user name does not match the private key.
- -v, --version
- The version of the chef-client.
- -V, --verbose
- Set for more verbose outputs. Use -VV for maximum verbosity.
- -x USER_NAME, --ssh-user USER_NAME
- The SSH user name.
- -y, --yes
- Indicates that the response to all confirmation prompts will be “Yes” (and that Knife will not ask for confirmation).
- -z, --local-mode
- Indicates that the chef-client will be run in local mode, which allows all commands that work against the Chef server to also work against the local chef-repo.
Examples
The following examples show how to use this Knife subcommand:
Verify the SSL configuration for the Chef server
Verify the SSL configuration for the chef-client
$ knife ssl check -c /etc/chef/client.rb
Verify an external server’s SSL certificate
$ knife ssl check URL_or_URI
for example:
$ knife ssl check https://www.getchef.com
