Updating the Content Runtime SSL Certificates

You can update the Chef server certificate on a content runtime deployment. Components of the content runtime communicate using self-signed SSL certificates that are created during deployment. One of these certificates is used by the Chef server for communication with its clients.

The recommended method to replace this certificate with your own certificate is to follow the instructions available at the Chef Security page. Alternatively, you can create a virtual machine and pre-populate the SSL certificate before deploying the content runtime:

  1. Create a virtual machine in the cloud.

  2. Copy your .key and .pem files into /etc/opscode/ca on the virtual machine.

    Note: If you have a .crt file, ensure that it is in PEM format and rename the suffix to .pem.

  3. Deploy the type "other" content runtime to your virtual machine.
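
A pre-flight check for step 2, as an added example that is not part of the original documentation: it confirms the certificate is PEM (converting a DER-encoded .crt), confirms the private key belongs to the certificate, and only then installs both files. The function names, the NAME argument and the 0644/0600 file modes are assumptions; the destination directory is passed in, for example /etc/opscode/ca.

```bash
# Added example. Helper names and the 0644/0600 modes are assumptions,
# not taken from the product documentation.

# True if $1 is a PEM-encoded X.509 certificate that openssl can parse.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Write a PEM copy of certificate $1 to $2; a DER-encoded .crt is converted.
# A file that is already PEM is copied unchanged so a bundled chain survives.
to_pem() {
    if is_pem_cert "$1"; then
        cp "$1" "$2"
    else
        openssl x509 -in "$1" -inform DER -outform PEM -out "$2" 2>/dev/null
    fi
}

# True if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    local kpub cpub
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ]
}

# stage_cert CERT KEY DEST_DIR NAME: validate, then install NAME.pem and NAME.key.
stage_cert() {
    local cert="$1" key="$2" dest="$3" name="$4" tmp rc
    tmp=$(mktemp) || return 1
    if ! to_pem "$cert" "$tmp"; then
        echo "not a PEM or DER certificate: $cert" >&2; rm -f "$tmp"; return 1
    fi
    if ! key_matches_cert "$key" "$tmp"; then
        echo "private key does not match certificate" >&2; rm -f "$tmp"; return 1
    fi
    install -d "$dest" &&
        install -m 0644 "$tmp" "$dest/$name.pem" &&
        install -m 0600 "$key" "$dest/$name.key"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: bash stage-cert.sh CERT KEY DEST_DIR NAME
if [ "$#" -eq 4 ]; then stage_cert "$@"; fi
```

Nothing is written to the destination directory unless both checks pass, so a mismatched key is caught before the deploy rather than as a TLS failure between the Chef server and its clients.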