2013-03-15 106 views
0

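SSLError when trying to create with knife

I am trying to create and provision a new EC2 instance with knife ec2 server create, but I keep running into an SSL error: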

$ bundle exec knife ec2 server create
ERROR: Excon::Errors::SocketError: hostname "ec2.us-east-1b.amazonaws.com" does not match the server certificate (OpenSSL::SSL::SSLError) 

I am running this from a Mac (10.7) using ruby 2.0.0p0:

$ ruby -v
ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-darwin11.4.2] 

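I'm pretty sure I compiled ruby with openssl support correctly. Running require 'openssl' from irb returns true. I'm using OpenSSL 1.0.1e installed via homebrew.

I also tried running knife with ruby 1.9.3-p194. This has the same result, and gives a slightly useful error message: "ERROR: Excon::Errors::SocketError: hostname does not match the server certificate (OpenSSL::SSL::SSLError)". The difference is the result of this pull request, which improved the error message: https://github.com/ruby/ruby/pull/122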

The output below from curl may be relevant:

$ curl -v https://ec2.us-east-1b.amazonaws.com
* About to connect() to ec2.us-east-1b.amazonaws.com port 443 (#0) 
* Trying 67.215.65.132... connected 
* Connected to ec2.us-east-1b.amazonaws.com (67.215.65.132) port 443 (#0) 
* SSLv3, TLS handshake, Client hello (1): 
* SSLv3, TLS handshake, Server hello (2): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Server finished (14): 
* SSLv3, TLS handshake, Client key exchange (16): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSL connection using AES256-SHA 
* Server certificate: 
* subject: serialNumber=UoFmxu6ta5ecJiIs4su2w-q-u8rxJ/d3; OU=GT55236522; OU=See www.rapidssl.com/resources/cps (c)12; OU=Domain Control Validated - RapidSSL(R); CN=*.opendns.com 
* start date: 2012-08-23 10:11:50 GMT 
* expire date: 2014-09-25 12:42:00 GMT 
* subjectAltName does not match ec2.us-east-1b.amazonaws.com 
* Closing connection #0 
* SSLv3, TLS alert, Client hello (1): 
* SSL peer certificate or SSH remote key was not OK 
curl: (51) SSL peer certificate or SSH remote key was not OK 

Is there something else I need to configure in order to successfully create an EC2 instance with knife?

Answers

3

In my knife.rb configuration file, I had this line:

knife[:region] = 'us-east-1b' 

This worked at some point in the past, but the correct current setting is:

knife[:region] = 'us-east-1' 

Removing the 'b' resolved the SSL hostname error:

$ curl -v https://ec2.us-east-1.amazonaws.com
* About to connect() to ec2.us-east-1.amazonaws.com port 443 (#0) 
* Trying 205.251.242.7... connected 
* Connected to ec2.us-east-1.amazonaws.com (205.251.242.7) port 443 (#0) 
* SSLv3, TLS handshake, Client hello (1): 
* SSLv3, TLS handshake, Server hello (2): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Server finished (14): 
* SSLv3, TLS handshake, Client key exchange (16): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSL connection using RC4-MD5 
* Server certificate: 
* subject: C=US; ST=Washington; L=Seattle; O=Amazon.com Inc.; CN=ec2.us-east-1.amazonaws.com 
* start date: 2010-10-08 00:00:00 GMT 
* expire date: 2013-10-07 23:59:59 GMT 
* subjectAltName: ec2.us-east-1.amazonaws.com matched 
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)09; CN=VeriSign Class 3 Secure Server CA - G2 
* SSL certificate verify ok. 
> GET / HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 
> Host: ec2.us-east-1.amazonaws.com 
> Accept: */* 
> 
< HTTP/1.1 301 Moved Permanently 
< Location: http://aws.amazon.com/ec2 
< Content-Length: 0 
< Date: Sat, 16 Mar 2013 21:15:51 GMT 
< Server: AmazonEC2 
< 
* Connection #0 to host ec2.us-east-1.amazonaws.com left intact 
* Closing connection #0 
* SSLv3, TLS alert, Client hello (1): 
+0

Same problem with 'eu-west-1b', solved with 'eu-west-1' – Baruch 2013-05-17 15:52:10
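The fix in the answer above, as an added Ruby example that is not part of the original thread or of knife itself: it reduces an availability-zone value such as 'us-east-1b' to its region before building the endpoint name, then runs Ruby's certificate identity check against the two subject CNs shown in the curl output. The helper names, the region naming pattern and the self-signed stand-in certificates are assumptions made for illustration.

```ruby
require 'openssl'

# Assumed naming pattern: a region looks like "us-east-1"; an availability
# zone is a region plus one trailing letter ("us-east-1b").
REGION_RE = /\A[a-z]{2}(?:-[a-z]+)+-\d+\z/
AZ_RE     = /\A([a-z]{2}(?:-[a-z]+)+-\d+)[a-z]\z/

# Hypothetical helper: return the region to use for the API endpoint.
def normalize_region(value)
  return value if value =~ REGION_RE
  m = AZ_RE.match(value)
  return m[1] if m
  raise ArgumentError, "not a region or availability zone: #{value.inspect}"
end

# Hypothetical helper: EC2 API hostname in the form seen in the curl output.
def ec2_endpoint(region)
  "ec2.#{normalize_region(region)}.amazonaws.com"
end

# Constructed, self-signed certificate with only a subject CN. It stands in
# for the certificate a server presents; no trust chain is involved.
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# The identity check Ruby's OpenSSL applies after the handshake; a false
# result is what surfaces as "does not match the server certificate".
def name_matches?(cert_cn, hostname)
  OpenSSL::SSL.verify_certificate_identity(constructed_cert(cert_cn), hostname)
end

if __FILE__ == $PROGRAM_NAME
  bad_host = 'ec2.us-east-1b.amazonaws.com' # hostname from the question
  puts "#{bad_host} vs *.opendns.com: #{name_matches?('*.opendns.com', bad_host)}"
  good_host = ec2_endpoint('us-east-1b')
  puts "#{good_host} vs own CN: #{name_matches?(good_host, good_host)}"
end
```
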

1

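When you install chef-client on a MacBook, it automatically installs knife and the related libraries; you don't have to do it manually. You don't have to run it with bundle exec, just type knife ec2 server create and you will get the output below. If you receive this output, then your knife is working properly.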

** EC2 COMMANDS ** 
knife ec2 server list (options) 
knife ec2 server delete SERVER [SERVER] (options) 
knife ec2 server create (options) 
knife ec2 instance data (options) 
knife ec2 flavor list (options) 

Also make sure your knife.rb is configured correctly. Let me know if you have any problems.

+0

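Installing knife globally (without bundler) did not change anything. I tried uninstalling and reinstalling chef, but without any luck. When I run "knife ec2 server create" without "bundle exec", I get the same SSL error. – AndrewF 2013-03-16 21:05:37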

+0

Bundler was a red herring, but I looked at the knife.rb file again because of your answer. Have an upvote. – AndrewF 2013-03-16 21:20:00