Deploying a client node fails

You might see an error in the log that the topology node failed to deploy.

Symptoms

ERROR 14: Peer cert cannot be verified or peer cert invalid.

Causes

The deployment can fail if an SSL certificate exists on the client node.

Resolving the problem

Ensure that the client node does not have an existing SSL certificate.
  1. On the Chef server, run the following commands: 
    knife node delete -y  chef-client-fqdn
knife client delete -y chef-client-fqdn
  2. On the client node, run the following commands:
    1. Run the rm -rf /etc/chef command.
    2. Run the rm -rf /etc/yum.repos.d/ibmos* command.
    3. List the yum repos and validate that you do not have OpenStack yum repos configured:
      1. Run yum repolist to list the repos.
      2. Delete OpenStack yum repos. To delete all yum repos, run yum clean all or to delete an individual repo, run yum erase <repo>.
    4. Delete the SSL certificates.
      1. Export NSS_DEFAULT_DB_TYPE="sql".
      2. To list the named certificates in the NSS db, run the following command: 
        certutil -L -d /etc/pki/nssdb
      3. To extract the Chef certificate and view who issued it, run the following command:
        certutil -L -d /etc/pki/nssdb -a -n 'chef-server-cert' > chef.crt
openssl x509 -noout -text -in chef.crt | grep Issuer
      4. To delete the Chef certificate, run the following command:
        certutil -D -d /etc/pki/nssdb -n 'chef-server-cert'