.\" Man page generated from reStructuredText. . .TH "KNIFE-SSL-CHECK" "1" "Chef 11.16" "" "knife ssl check" .SH NAME knife-ssl-check \- The man page for the knife ssl check subcommand. . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .sp The \fBknife ssl check\fP subcommand is used to verify the SSL configuration for the Enterprise Chef and/or Open Source Chef servers, or at another location specified by a URL or URI. .sp \fBWARNING:\fP .INDENT 0.0 .INDENT 3.5 When verification of a remote server\(aqs SSL certificate is disabled, the chef\-client will issue a warning similar to "SSL validation of HTTPS requests is disabled. HTTPS connections are still encrypted, but the chef\-client is not able to detect forged replies or man\-in\-the\-middle attacks." To configure SSL for the chef\-client, set \fBssl_verify_mode\fP to \fB:verify_peer\fP (recommended) \fBor\fP \fBverify_api_cert\fP to \fBtrue\fP in the client.rb file. .UNINDENT .UNINDENT .sp \fBSyntax\fP .sp This subcommand has the following syntax: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl check URI .ft P .fi .UNINDENT .UNINDENT .sp \fBOptions\fP .sp This subcommand has the following options: .INDENT 0.0 .TP .B \fB\-a SSH_ATTR\fP, \fB\-\-attribute SSH_ATTR\fP The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname. .TP .B \fB\-A\fP, \fB\-\-forward\-agent\fP Use to enable SSH agent forwarding. .TP .B \fB\-c CONFIG_FILE\fP, \fB\-\-config CONFIG_FILE\fP The configuration file to use. .TP .B \fB\-C NUM\fP, \fB\-\-concurrency NUM\fP The number of allowed concurrent connections. .TP .B \fB\-\-chef\-zero\-port PORT\fP The port on which chef\-zero will listen. .TP .B \fB\-\-[no\-]color\fP Use to view colored output. .TP .B \fB\-d\fP, \fB\-\-disable\-editing\fP Use to prevent the $EDITOR from being opened and to accept data as\-is. .TP .B \fB\-\-defaults\fP Use to have knife use the default value instead of asking a user to provide one. .TP .B \fB\-e EDITOR\fP, \fB\-\-editor EDITOR\fP The $EDITOR that is used for all interactive commands. .TP .B \fB\-E ENVIRONMENT\fP, \fB\-\-environment ENVIRONMENT\fP The name of the environment. When this option is added to a command, the command will run only against the named environment. .TP .B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP The output format: \fBsummary\fP (default), \fBtext\fP, \fBjson\fP, \fByaml\fP, and \fBpp\fP\&. .TP .B \fB\-G GATEWAY\fP, \fB\-\-ssh\-gateway GATEWAY\fP The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation. .TP .B \fB\-h\fP, \fB\-\-help\fP Shows help for the command. .TP .B \fB\-i IDENTITY_FILE\fP, \fB\-\-identity\-file IDENTIFY_FILE\fP The SSH identity file used for authentication. Key\-based authentication is recommended. .TP .B \fB\-k KEY\fP, \fB\-\-key KEY\fP The private key that knife will use to sign requests made by the API client to the Chef server\&. .TP .B \fB\-m\fP, \fB\-\-manual\-list\fP Use to define a search query as a space\-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: \fB\-\-manual\-list "server01 server 02 server 03"\fP .TP .B \fB\-\-[no\-]host\-key\-verify\fP Use \fB\-\-no\-host\-key\-verify\fP to disable host key verification. Default setting: \fB\-\-host\-key\-verify\fP\&. .TP .B \fBOTHER\fP The shell type. Possible values: \fBinteractive\fP, \fBscreen\fP, \fBtmux\fP, \fBmacterm\fP, or \fBcssh\fP\&. (\fBcsshx\fP is deprecated in favor of \fBcssh\fP\&.) .TP .B \fB\-p PORT\fP, \fB\-\-ssh\-port PORT\fP The SSH port. .TP .B \fB\-P PASSWORD\fP, \fB\-\-ssh\-password PASSWORD\fP The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) knife will prompt for the password. .TP .B \fB\-\-print\-after\fP Use to show data after a destructive operation. .TP .B \fB\-s URL\fP, \fB\-\-server\-url URL\fP The URL for the Chef server\&. .TP .B \fBSEARCH_QUERY\fP The search query used to return a list of servers to be accessed using SSH and the specified \fBSSH_COMMAND\fP\&. This option uses the same syntax as the search sub\-command. .TP .B \fBSSH_COMMAND\fP The command that will be run against the results of a search query. .TP .B \fB\-u USER\fP, \fB\-\-user USER\fP The user name used by knife to sign requests made by the API client to the Chef server\&. Authentication will fail if the user name does not match the private key. .TP .B \fB\-v\fP, \fB\-\-version\fP The version of the chef\-client\&. .TP .B \fB\-V\fP, \fB\-\-verbose\fP Set for more verbose outputs. Use \fB\-VV\fP for maximum verbosity. .TP .B \fB\-x USER_NAME\fP, \fB\-\-ssh\-user USER_NAME\fP The SSH user name. .TP .B \fB\-y\fP, \fB\-\-yes\fP Use to respond to all confirmation prompts with "Yes". knife will not ask for confirmation. .TP .B \fB\-z\fP, \fB\-\-local\-mode\fP Use to run the chef\-client in local mode. This allows all commands that work against the Chef server to also work against the local chef\-repo\&. .UNINDENT .sp \fBExamples\fP .sp The following examples show how to use this knife subcommand: .sp \fBVerify the SSL configuration for the Chef server\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl check .ft P .fi .UNINDENT .UNINDENT .sp \fBVerify the SSL configuration for the chef\-client\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl check \-c /etc/chef/client.rb .ft P .fi .UNINDENT .UNINDENT .sp \fBVerify an external server\(aqs SSL certificate\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl check URL_or_URI .ft P .fi .UNINDENT .UNINDENT .sp for example: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl check https://www.getchef.com .ft P .fi .UNINDENT .UNINDENT .SH AUTHOR Chef .\" Generated by docutils manpage writer. .