Provided by: chef_12.14.60-3ubuntu1_all bug


       knife-ssl-check - The man page for the knife ssl check subcommand.

       The  knife ssl check subcommand is used to verify the SSL configuration for the Enterprise
       Chef and/or Open Source Chef servers, or at another location specified by a URL or URI.

          When verification of a remote server's SSL certificate  is  disabled,  the  chef-client
          will  issue  a  warning similar to "SSL validation of HTTPS requests is disabled. HTTPS
          connections are still encrypted, but the chef-client  is  not  able  to  detect  forged
          replies  or  man-in-the-middle  attacks."  To  configure  SSL  for the chef-client, set
          ssl_verify_mode to  :verify_peer  (recommended)  or  verify_api_cert  to  true  in  the
          client.rb file.


       This subcommand has the following syntax:

          $ knife ssl check URI


       This subcommand has the following options:

       -a SSH_ATTR, --attribute SSH_ATTR
              The  attribute  that is used when opening the SSH connection. The default attribute
              is the FQDN of the host. Other possible values  include  a  public  IP  address,  a
              private IP address, or a hostname.

       -A, --forward-agent
              Use to enable SSH agent forwarding.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -C NUM, --concurrency NUM
              The number of allowed concurrent connections.

       --chef-zero-port PORT
              The port on which chef-zero will listen.

              Use to view colored output.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data as-is.

              Use to have knife use the default value instead of asking a user to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The  name  of  the environment. When this option is added to a command, the command
              will run only against the named environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -G GATEWAY, --ssh-gateway GATEWAY
              The SSH tunnel or gateway that is used to run a bootstrap action on a machine  that
              is not accessible from the workstation.

       -h, --help
              Shows help for the command.

       -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
              The  SSH  identity  file  used  for  authentication.  Key-based  authentication  is

       -k KEY, --key KEY
              The private key that knife will use to sign requests made by the API client to  the
              Chef server.

       -m, --manual-list
              Use to define a search query as a space-separated list of servers. If there is more
              than one item in the  list,  put  quotes  around  the  entire  list.  For  example:
              --manual-list "server01 server 02 server 03"

              Use  --no-host-key-verify  to  disable  host  key  verification.  Default  setting:

       OTHER  The shell type. Possible values:  interactive,  screen,  tmux,  macterm,  or  cssh.
              (csshx is deprecated in favor of cssh.)

       -p PORT, --ssh-port PORT
              The SSH port.

       -P PASSWORD, --ssh-password PASSWORD
              The  SSH  password.  This  can be used to pass the password directly on the command
              line. If this option is not specified (and  a  password  is  required)  knife  will
              prompt for the password.

              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

              The  search query used to return a list of servers to be accessed using SSH and the
              specified SSH_COMMAND. This option uses the same syntax as the search sub-command.

              The command that will be run against the results of a search query.

       -u USER, --user USER
              The user name used by knife to sign requests made by the API  client  to  the  Chef
              server. Authentication will fail if the user name does not match the private key.

       -v, --version
              The version of the chef-client.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -x USER_NAME, --ssh-user USER_NAME
              The SSH user name.

       -y, --yes
              Use  to  respond  to  all  confirmation  prompts with "Yes". knife will not ask for

       -z, --local-mode
              Use to run the chef-client in local  mode.  This  allows  all  commands  that  work
              against the Chef server to also work against the local chef-repo.


       The following examples show how to use this knife subcommand:

       Verify the SSL configuration for the Chef server

          $ knife ssl check

       Verify the SSL configuration for the chef-client

          $ knife ssl check -c /etc/chef/client.rb

       Verify an external server's SSL certificate

          $ knife ssl check URL_or_URI

       for example:

          $ knife ssl check



                                            Chef 12.0                          KNIFE-SSL-CHECK(1)