Provided by: chef_12.14.60-3ubuntu1_all bug


       knife-ssl-fetch - The man page for the knife ssl fetch subcommand.

       The  knife  ssl  fetch subcommand is used to copy SSL certificates from an HTTPS server to
       the trusted_certs_dir directory that is used by knife and the chef-client to store trusted
       SSL certificates. When these certificates match the hostname of the remote server, running
       knife ssl fetch is the only step required to verify a remote server that  is  accessed  by
       either knife or the chef-client.

          It  is  the  user's  responsibility to verify the authenticity of every SSL certificate
          before  downloading  it  to  the  trusted_certs_dir  directory.  knife  will  use   any
          certificate in that directory as if it is a 100% trusted and authentic SSL certificate.
          knife will not be able to determine if any  certificate  in  this  directory  has  been
          tampered  with,  is  forged, malicious, or otherwise harmful. Therefore it is essential
          that users take the proper steps before downloading certificates into this directory.


       This subcommand has the following syntax:

          $ knife ssl fetch URI_FOR_HTTPS_SERVER


       This subcommand has the following options:

       -a SSH_ATTR, --attribute SSH_ATTR
              The attribute that is used when opening the SSH connection. The  default  attribute
              is  the  FQDN  of  the  host.  Other possible values include a public IP address, a
              private IP address, or a hostname.

       -A, --forward-agent
              Use to enable SSH agent forwarding.

       -c CONFIG_FILE, --config CONFIG_FILE
              The configuration file to use.

       -C NUM, --concurrency NUM
              The number of allowed concurrent connections.

       --chef-zero-port PORT
              The port on which chef-zero will listen.

              Use to view colored output.

       -d, --disable-editing
              Use to prevent the $EDITOR from being opened and to accept data as-is.

              Use to have knife use the default value instead of asking a user to provide one.

       -e EDITOR, --editor EDITOR
              The $EDITOR that is used for all interactive commands.

       -E ENVIRONMENT, --environment ENVIRONMENT
              The name of the environment. When this option is added to a  command,  the  command
              will run only against the named environment.

       -F FORMAT, --format FORMAT
              The output format: summary (default), text, json, yaml, and pp.

       -G GATEWAY, --ssh-gateway GATEWAY
              The  SSH tunnel or gateway that is used to run a bootstrap action on a machine that
              is not accessible from the workstation.

       -h, --help
              Shows help for the command.

       -i IDENTITY_FILE, --identity-file IDENTIFY_FILE
              The  SSH  identity  file  used  for  authentication.  Key-based  authentication  is

       -k KEY, --key KEY
              The  private key that knife will use to sign requests made by the API client to the
              Chef server.

       -m, --manual-list
              Use to define a search query as a space-separated list of servers. If there is more
              than  one  item  in  the  list,  put  quotes  around  the entire list. For example:
              --manual-list "server01 server 02 server 03"

              Use  --no-host-key-verify  to  disable  host  key  verification.  Default  setting:

       OTHER  The  shell  type.  Possible  values:  interactive,  screen, tmux, macterm, or cssh.
              (csshx is deprecated in favor of cssh.)

       -p PORT, --ssh-port PORT
              The SSH port.

       -P PASSWORD, --ssh-password PASSWORD
              The SSH password. This can be used to pass the password  directly  on  the  command
              line.  If  this  option  is  not  specified (and a password is required) knife will
              prompt for the password.

              Use to show data after a destructive operation.

       -s URL, --server-url URL
              The URL for the Chef server.

              The search query used to return a list of servers to be accessed using SSH and  the
              specified SSH_COMMAND. This option uses the same syntax as the search sub-command.

              The command that will be run against the results of a search query.

       -u USER, --user USER
              The  user  name  used  by knife to sign requests made by the API client to the Chef
              server. Authentication will fail if the user name does not match the private key.

       -v, --version
              The version of the chef-client.

       -V, --verbose
              Set for more verbose outputs. Use -VV for maximum verbosity.

       -x USER_NAME, --ssh-user USER_NAME
              The SSH user name.

       -y, --yes
              Use to respond to all confirmation prompts with  "Yes".  knife  will  not  ask  for

       -z, --local-mode
              Use  to  run  the  chef-client  in  local  mode. This allows all commands that work
              against the Chef server to also work against the local chef-repo.


       The following examples show how to use this knife subcommand:

       Fetch the SSL certificates used by Knife from the Chef server

          $ knife ssl fetch

       Fetch the SSL certificates used by the chef-client from the Chef server

          $ knife ssl fetch -c /etc/chef/client.rb

       Fetch SSL certificates from a URL or URI

          $ knife ssl fetch URL_or_URI

       for example:

          $ knife ssl fetch



                                            Chef 12.0                          KNIFE-SSL-FETCH(1)