Chef Ideas


chef-client chef_gem resource doesn't respect trusted_certs area

Chef Infra Client version 15.4.45

Similar to


The chef_gem resource currently only respects custom/private certs when they are found in the chef-client embedded ssl certs bundle after having been added by the customer.


If the chef_gem resource trusted trusted_certs content, this would be better/cleaner than adding certs to the embedded chef-client location at /opt/chef/embedded/lib/ruby/site_ruby/2.5.0/rubygems/ssl_certs, for example.

Here's what happens when no part of the chef-client runtime is aware of the additional cert:


ERROR: SSL verification error at depth 2: self signed certificate in certificate chain (19)

ERROR: Root certificate is not trusted (/CN=CUSTOMER Group Root CA Proxy G2)

  • Guest
  • Jan 23 2020
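The error in the report (code 19 at depth 2) can be reproduced offline. The Ruby below is an added example, not Chef's or RubyGems' own code: it builds a constructed three-level test PKI and verifies the leaf against a store loaded only from a directory of `.crt`/`.pem` files. The temporary directory stands in for a trusted_certs directory, and all certificate names and the helper names `make_cert`, `verify_against_dir` and `demo` are made up for the illustration.

```ruby
require "openssl"
require "tmpdir"

# Build one certificate of a constructed test PKI (names and keys are made up).
def make_cert(cn, key, issuer, issuer_key, is_ca, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", is_ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify the leaf using only the CA files found in ca_dir (*.crt / *.pem).
def verify_against_dir(ca_dir, leaf, presented_chain)
  store = OpenSSL::X509::Store.new # starts empty: no system or bundled CAs
  Dir.glob(File.join(ca_dir, "*.{crt,pem}")).sort.each { |f| store.add_file(f) }
  ok = store.verify(leaf, presented_chain)
  { ok: ok, code: store.error, message: store.error_string }
end

# Same leaf and presented chain, checked before and after the root is added to the directory.
def demo
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert("Example Root CA", rk, nil, nil, true, 1)
  inter = make_cert("Example Issuing CA", ik, root, rk, true, 2)
  leaf  = make_cert("gems.example.internal", lk, inter, ik, false, 3)
  Dir.mktmpdir do |dir|
    before = verify_against_dir(dir, leaf, [inter, root])
    File.write(File.join(dir, "example_root.crt"), root.to_pem)
    after = verify_against_dir(dir, leaf, [inter, root])
    [before, after]
  end
end

before, after = demo
puts "root absent:  #{before}"
puts "root present: #{after}"
```

The first result fails because the presented chain ends in a self-signed root that the store does not contain; the second succeeds once that root is one of the files the store was built from.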