.\" Man page generated from reStructuredText. . .TH "KNIFE-SSL-FETCH" "1" "Chef 11.14" "" "knife ssl fetch" .SH NAME knife-ssl-fetch \- The man page for the knife ssl fetch subcommand. . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .sp The \fBknife ssl fetch\fP subcommand is used to copy SSL certificates from an HTTPS server to the \fBtrusted_certs_dir\fP directory that is used by Knife and the chef\-client to store trusted SSL certificates. When these certificates match the hostname of the remote server, running \fBknife ssl fetch\fP is the only step required to verify a remote server that is accessed by either Knife or the chef\-client\&. .sp \fBWARNING:\fP .INDENT 0.0 .INDENT 3.5 It is the user\(aqs responsibility to verify the authenticity of every SSL certificate before downloading it to the \fBtrusted_certs_dir\fP directory. Knife will use any certificate in that directory as if it is a 100% trusted and authentic SSL certificate. Knife will not be able to determine if any certificate in this directory has been tampered with, is forged, malicious, or otherwise harmful. Therefore it is essential that users take the proper steps before downloading certificates into this directory. .UNINDENT .UNINDENT .sp \fBSyntax\fP .sp This subcommand has the following syntax: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl fetch URI_FOR_HTTPS_SERVER .ft P .fi .UNINDENT .UNINDENT .sp \fBOptions\fP .sp This subcommand has the following options: .INDENT 0.0 .TP .B \fB\-a SSH_ATTR\fP, \fB\-\-attribute SSH_ATTR\fP The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname. .TP .B \fB\-A\fP, \fB\-\-forward\-agent\fP Use to enable SSH agent forwarding. .TP .B \fB\-c CONFIG_FILE\fP, \fB\-\-config CONFIG_FILE\fP The configuration file to use. .TP .B \fB\-C NUM\fP, \fB\-\-concurrency NUM\fP The number of allowed concurrent connections. .TP .B \fB\-\-chef\-zero\-port PORT\fP The port on which chef\-zero will listen. .TP .B \fB\-\-[no\-]color\fP Use to view colored output. .TP .B \fB\-d\fP, \fB\-\-disable\-editing\fP Use to prevent the $EDITOR from being opened and to accept data as\-is. .TP .B \fB\-\-defaults\fP Use to have Knife use the default value instead of asking a user to provide one. .TP .B \fB\-e EDITOR\fP, \fB\-\-editor EDITOR\fP The $EDITOR that is used for all interactive commands. .TP .B \fB\-E ENVIRONMENT\fP, \fB\-\-environment ENVIRONMENT\fP The name of the environment. When this option is added to a command, the command will run only against the named environment. .TP .B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP The output format: \fBsummary\fP (default), \fBtext\fP, \fBjson\fP, \fByaml\fP, and \fBpp\fP\&. .TP .B \fB\-G GATEWAY\fP, \fB\-\-ssh\-gateway GATEWAY\fP The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation. .TP .B \fB\-h\fP, \fB\-\-help\fP Shows help for the command. .TP .B \fB\-i IDENTITY_FILE\fP, \fB\-\-identity\-file IDENTIFY_FILE\fP The SSH identity file used for authentication. Key\-based authentication is recommended. .TP .B \fB\-k KEY\fP, \fB\-\-key KEY\fP The private key that Knife will use to sign requests made by the API client to the Chef server\&. .TP .B \fB\-m\fP, \fB\-\-manual\-list\fP Use to define a search query as a space\-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: \fB\-\-manual\-list "server01 server 02 server 03"\fP .TP .B \fB\-\-[no\-]host\-key\-verify\fP Use \fB\-\-no\-host\-key\-verify\fP to disable host key verification. Default setting: \fB\-\-host\-key\-verify\fP\&. .TP .B \fBOTHER\fP The shell type. Possible values: \fBinteractive\fP, \fBscreen\fP, \fBtmux\fP, \fBmacterm\fP, or \fBcssh\fP\&. (\fBcsshx\fP is deprecated in favor of \fBcssh\fP\&.) .TP .B \fB\-p PORT\fP, \fB\-\-ssh\-port PORT\fP The SSH port. .TP .B \fB\-P PASSWORD\fP, \fB\-\-ssh\-password PASSWORD\fP The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) Knife will prompt for the password. .TP .B \fB\-\-print\-after\fP Use to show data after a destructive operation. .TP .B \fB\-s URL\fP, \fB\-\-server\-url URL\fP The URL for the Chef server\&. .TP .B \fBSEARCH_QUERY\fP The search query used to return a list of servers to be accessed using SSH and the specified \fBSSH_COMMAND\fP\&. This option uses the same syntax as the search sub\-command. .TP .B \fBSSH_COMMAND\fP The command that will be run against the results of a search query. .TP .B \fB\-u USER\fP, \fB\-\-user USER\fP The user name used by Knife to sign requests made by the API client to the Chef server\&. Authentication will fail if the user name does not match the private key. .TP .B \fB\-v\fP, \fB\-\-version\fP The version of the chef\-client\&. .TP .B \fB\-V\fP, \fB\-\-verbose\fP Set for more verbose outputs. Use \fB\-VV\fP for maximum verbosity. .TP .B \fB\-x USER_NAME\fP, \fB\-\-ssh\-user USER_NAME\fP The SSH user name. .TP .B \fB\-y\fP, \fB\-\-yes\fP Use to respond to all confirmation prompts with "Yes". Knife will not ask for confirmation. .TP .B \fB\-z\fP, \fB\-\-local\-mode\fP Use to run the chef\-client in local mode. This allows all commands that work against the Chef server to also work against the local chef\-repo\&. .UNINDENT .sp \fBExamples\fP .sp The following examples show how to use this Knife subcommand: .sp \fBFetch the SSL certificates used by Knife from the Chef server\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl fetch .ft P .fi .UNINDENT .UNINDENT .sp \fBFetch the SSL certificates used by the chef\-client from the Chef server\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl fetch \-c /etc/chef/client.rb .ft P .fi .UNINDENT .UNINDENT .sp \fBFetch SSL certificates from a URL or URI\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl fetch URL_or_URI .ft P .fi .UNINDENT .UNINDENT .sp for example: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C $ knife ssl fetch https://www.getchef.com .ft P .fi .UNINDENT .UNINDENT .SH AUTHOR Chef .\" Generated by docutils manpage writer. .