Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!


Merged idea

This idea has been merged into another idea. The merged idea is not visible in this portal.

chef-client chef_gem resource doesn't respect trusted_certs area Merged

Chef Infra Client version 15.4.45

Similar to


The chef_gem resource currently only respects custom/private certs when they are found in the chef-client embedded ssl certs bundle after having been added by the customer.


If the chef_gem resource trusted trusted_certs content, this would be better/cleaner than adding certs to the embedded chef-client location at /opt/chef/embedded/lib/ruby/site_ruby/2.5.0/rubygems/ssl_certs for example.

Here's what happens when no part of the chef-client runtime is aware of the additional cert


ERROR: SSL verification error at depth 2: self signed certificate in certificate chain (19)

ERROR: Root certificate is not trusted (/CN=CUSTOMER Group Root CA Proxy G2)

  • Guest
  • Jan 23 2020
  • Under Consideration
  • Admin
    Joshua O'Brien commented
    24 Jul 14:32

    This is a duplicate of CHEF-I-35. Closing in favor of 35.