If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: docs.chef.io/server/server_security - Security.

site address: docs.chef.io/server/server_security redirected to: docs.chef.io/server/server_security

site title: Security

Our opinion (on Friday 03 July 2026 22:42:27 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=This guide covers the security features available in Chef Infra Server. SSL Certificates Initial configuration of the Chef Infra Server is done automatically using a self-signed certificate to create the certificate and private key files for Nginx. This section details the process for updating a Chef Infra Server’s SSL certificate.;

Headings (most frequently used words):

chef, ssl, certificates, infra, server, key, installation, private, certificate, security, credentials, management, encryption, between, and, external, postgresql, rotation, automatic, recommended, manual, protocols, knife, client, authority, intermediate, verify, was, signed, by, proper, regenerate, add, on, compatibility, etc, opscode, secrets, json,

Text of the page (most frequently used words):
chef (228), the (166), #server (102), infra (85), and (82), ssl (55), nginx (51), #certificate (48), for (46), overview (46), key (38), certificates (36), install (33), postgresql (32), file (32), with (31), version (30), automate (30), builder (30), deployment (28), tlsv1 (27), node (26), opscode (25), this (24), configure (24), aws (24), about (23), client (22), rsa (22), ecdhe (21), aes256 (21), private (20), gcm (20), sha384 (20), 256 (20), habitat (20), ctl (18), settings (18), supermarket (18), upgrade (18), all (17), etc (17), management (17), using (17), following (17), manage (17), api (17), add (16), configuration (16), users (16), crt (16), packages (16), prem (16), are (15), will (15), that (15), root (15), files (15), config (15), from (14), opt (14), reference (14), security (13), community (13), backend (13), fqdn (13), workstation (13), create (13), nodes (13), not (12), your (12), openssl (12), var (12), example (12), license (12), 360 (12), managed (12), used (11), use (11), external (11), secrets (11), verify (11), authority (11), database (11), knife (10), can (10), connections (10), machine (10), data (10), private_chef (10), compliance (10), platform (10), backup (10), restore (10), effortless (10), recovery (10), saas (10), started (10), opensearch (10), credentials (9), intermediate (9), installation (9), run (9), set (9), new (9), system (9), guide (9), signed (8), user (8), log (8), command (8), local (8), default (8), service (8), supported (8), update (8), cloud (8), resources (8), prerequisites (8), origin (8), disaster (8), requirements (8), desktop (8), iam (8), between (7), page (7), you (7), more (7), then (7), which (7), troubleshooting (7), versions (7), rotation (6), json (6), regenerate (6), was (6), feedback (6), support (6), information (6), commands (6), start (6), reconfigure (6), these (6), should (6), setting (6), generated (6), ssl_certificate_key (6), ssl_certificate (6), single (6), end (6), exist (6), content (6), ssl_ciphers (6), high (6), cookbooks (6), audit (6), migrate (6), inspec (6), style (6), cookstyle (6), cluster (6), services (6), package (6), logs (6), get (6), integrations (6), dashboard (6), applications (6), enterprise (6), see (5), their (5), policy (5), terms (5), licensing (5), contents (5), how (5), hostssl (5), only (5), conf (5), keys (5), csr (5), error (5), during (5), ssl_signing_conf (5), ssl_keyfile (5), resource (5), ssl_protocols (5), tls (5), progress (4), names (4), trademarks (4), other (4), any (4), encryption (4), compatibility (4), proper (4), table (4), still (4), postgres (4), psql (4), session (4), running (4), restart (4), md5 (4), sudo (4), ons (4), locations (4), insecure_addon_compat (4), custom (4), values (4), after (4), configured (4), host (4), pem (4), list (4), self (4), ssl_crtfile (4), server_name (4), value (4), communication (4), pki (4), send (4), downloads (4), uninstall (4), organizations (4), groups (4), roles (4), saml (4), ldap (4), packs (4), profiles (4), download (4), apis (4), upgrades (4), monitor (4), quick (4), deprecations (4), cops (4), firewalls (4), ports (4), authentication (4), authorization (4), availability (4), core (4), origins (4), profile (4), minio (4), cookbook (4), application (4), enrollment (4), setup (4), infrastructure (4), getting (4), migration (4), courier (4), tokens (4), jobs (4), app (4), integration (4), elasticsearch (4), amazon (4), a2ha (4), premises (4), platforms (4), edition (4), product (3), one (3), does (3), protocols (3), manual (3), automatic (3), recommended (3), edit (3), github (3), cipher (3), show (3), enabled (3), into (3), path (3), pg_hba (3), non (3), paths (3), place (3), ensure (3), both (3), access (3), over (3), administration (3), passwords (3), share (3), secure (3), allow (3), write (3), name (3), lists (3), password (3), writes (3), those (3), directory (3), original (3), mismatch (3), sha1 (3), x509 (3), internal (3), systems (3), because (3), back (3), failure (3), later (3), not_if (3), mode (3), 0755 (3), group (3), owner (3), join (3), nginx_ca_dir (3), macos (3), windows (3), rc4 (3), https (3), docs (3), tuning (3), load (3), certs (3), available (3), herein (2), software (2), corporation (2), its (2), subsidiaries (2), affiliates (2), rights (2), reserved (2), respective (2), owners (2), 2026 (2), modified (2), improve (2), document (2), rows (2), pg_stat_ssl (2), select (2), enter (2), instance (2), state (2), require (2), done (2), unix (2), domain (2), here (2), prevent (2), specify (2), have (2), correct (2), permissions (2), compiled (2), machines (2), must (2), contain (2), allows (2), make (2), trusted (2), older (2), false (2), provided (2), such (2), without (2), including (2), them (2), where (2), written (2), automatically (2), necessary (2), organization (2), has (2), delete (2), same (2), like (2), part (2), need (2), previous (2), stdin (2), 05b4f62e52fe7ce2351ff81d3e1060c0cdf1fa24 (2), 432 (2), lxc (2), noout (2), modulus (2), when (2), match (2), possible (2), occur (2), process (2), cat (2), append (2), cacert (2), optionally (2), already (2), requests (2), made (2), embedded (2), bin (2), req (2), eoh (2), req_distinguished_name (2), releases (2), psk (2), sslv2 (2), seed (2), camellia (2), anull (2), adh (2), enull (2), exp (2), medium (2), low (2), kedh (2), nil (2), man1 (2), than (2), characters (2), certifying (2), initial (2), environments (2), bags (2), clients (2), active (2), console (2), legacy (2), azure (2), remediation (2), release (2), notes (2), what (2), scaffolding (2), variables (2), pattern (2), attributehelper (2), attributedefault (2), useplatformhelpers (2), unnecessaryplatformcasestatement (2), unnecessaryoscheck (2), trueclassfalseclassresourceproperties (2), simplifyplatformmajorversioncheck (2), overlycomplexsupportsdependsmetadata (2), negatingonlyif (2), includerecipewithparentheses (2), immediatenotificationtiming (2), filemode (2), defaultcopyrightcomments (2), copyrightcommentformat (2), commentsentencespacing (2), commentformat (2), chefwhaaat (2), attributekeys (2), invalidlicensestring (2), insecurecookbookurl (2), includeresourceexamples (2), includeresourcedescriptions (2), includepropertydescriptions (2), emptymetadatafield (2), defaultmetadatamaintainer (2), sharing (2), sshprivatekey (2), unlessdefinedrequire (2), requirenethttps (2), legacypowershelloutmethods (2), gemspecrequirerubygems (2), gemspeclicense (2), ruby (2), usecreateifmissing (2), unnecessarynameproperty (2), unnecessarydesiredstate (2), suggestsmetadata (2), stringpropertywithnildefault (2), sensitivepropertyinresource (2), resourcewithnothingaction (2), replacesmetadata (2), recipemetadata (2), providesmetadata (2), propertywithrequiredanddefault (2), propertysplatregex (2), ohaiattributetostring (2), namepropertyisrequired (2), multipleplatformchecks (2), longdescriptionmetadata (2), groupingmetadata (2), doublecompiletime (2), customresourcewithallowedactions (2), conflictsmetadata (2), attributemetadata (2), aptrepositorynotifiesaptupdate (2), aptrepositorydistributiondefault (2), redundantcode (2), zipfileresource (2), windowszipfileusage (2), windowsscresource (2), windowsregistryuac (2), whyrunsupportedtrue (2), useszypperrepo (2), userequirerelative (2), usemultipackageinstalls (2), usecheflanguagesystemdhelper (2), usecheflanguageenvhelpers (2), usecheflanguagecloudhelpers (2), usebuildessentialresource (2), unnecessarymixlibshelloutrequire (2), unnecessarydependschef15 (2), unnecessarydependschef14 (2), sysctlparamresource (2), simplifyaptppasetup (2), shellouttochocolatey (2), shellouthelper (2), sevenziparchiveresource (2), setorreturninresources (2), respondtoresourcename (2), respondtoprovides (2), respondtoinmetadata (2), respondtocompiletime (2), resourcenamefrominitialize (2), resourceforcingcompiletime (2), providesfrominitialize (2), propertywithnameattribute (2), powershellscriptexpandarchive (2), powershellinstallwindowsfeature (2), powershellinstallpackage (2), powershellguardinterpreter (2), osxconfigprofileresource (2), opensslx509resource (2), opensslrsakeyresource (2), noderolesinclude (2), nodeinitpackage (2), minitesthandlerusage (2), macosxuserdefaults (2), libarchivefileresource (2), legacyberksfilesource (2), includingwindowsdefaultrecipe (2), includingohaidefaultrecipe (2), includingmixinshelloutinresources (2), includingaptdefaultrecipe (2), ifprovidesdefaultaction (2), foodcriticcomments (2), executetzutil (2), executesysctl (2), executesleep (2), executescexe (2), executeaptupdate (2), emptyresourceinitializemethod (2), dslincludeinresource (2), dependsonzyppercookbook (2), dependsonwindowsfirewallcookbook (2), dependsontimezonelwrpcookbook (2), dependsonopensslcookbook (2), dependsonlocalecookbook (2), dependsonkernelmodulecookbook (2), dependsonchocolateycookbooks (2), dependsonchefvaultcookbook (2), definitions (2), defineschefspecmatchers (2), defaultactionfrominitialize (2), declareactionclass (2), databaghelpers (2), customresourcewithattributes (2), cronmanageresource (2), crondfileortemplate (2), conditionalusingtest (2), classevalactionclass (2), chefgemnokogiri (2), allowedactionsfrominitialize (2), actionmethodinresource (2), modernize (2), searchforenvironmentsorroles (2), dependschefvault (2), cookbookusessearch (2), cookbookusesroles (2), cookbookusespolicygroups (2), cookbookusesenvironments (2), cookbookusesdatabags (2), chefvaultused (2), berksfile (2), windowsversionhelpers (2), windowstaskchangeaction (2), windowspackageinstallertypestring (2), windowsfeatureservermanagercmd (2), verifypropertyusesfileexpansion (2), useyamldump (2), usesruncommandhelper (2), usesdeprecatedmixins (2), useschefresthelpers (2), userdeprecatedsupportsproperty (2), useinlineresourcesdefined (2), useautomaticresourcename (2), searchusespositionalparameters (2), rubyblockcreateaction (2), ruby27keywordargumentwarnings (2), resourcewithoutunifiedtrue (2), resourceusesupdatedmethod (2), resourceusesproviderbasemethod (2), resourceusesonlyresourcename (2), resourceusesdslnamemethod (2), resourceoverridesprovidesmethod (2), resourceinheritsfromcompatresource (2), requirerecipe (2), powershellcookbookhelpers (2), policyfilecommunitysource (2), poisearchiveusage (2), partialsearchhelperusage (2), partialsearchclassusage (2), nodesetwithoutlevel (2), nodesetunless (2), nodeset (2), nodemethodsinsteadofattributes (2), nodedeepfetch (2), namepropertywithdefaultvalue (2), macosuserdefaultsglobalproperty (2), logresourcenotifications (2), localedeprecatedlcallproperty (2), librarianchefspec (2), legacyyumcookbookrecipes (2), legacynotifysyntax (2), launchddeprecatedhashproperty (2), includingyumdnfcompatrecipe (2), includingxmlrubyrecipe (2), hwrpwithoutunifiedtrue (2), hwrpwithoutprovides (2), foodcritictesting (2), foodcriticfile (2), executerelativecreateswithoutcwd (2), executepathproperty (2), erlcallresource (2), epicfail (2), eolauditmodeusage (2), easyinstallresource (2), deprecatedyumrepositoryproperties (2), deprecatedyumrepositoryactions (2), deprecatedwindowsversioncheck (2), deprecatedsudoactions (2), deprecatedshelloutmethods (2), deprecatedplatformmethods (2), deprecatedchefspecplatform (2), dependsonomnibusupdatercookbook (2), dependsonchefreportingcookbook (2), dependsonchefnginxcookbook (2), delivery (2), cookbooksdependsonself (2), cookbookdependsonpoise (2), cookbookdependsonpartialsearch (2), cookbookdependsoncompatresource (2), chocolateypackageuninstallaction (2), chefwindowsplatformhelper (2), chefsugarhelpers (2), chefspeclegacyrunner (2), chefspeccoveragereport (2), chefshellout (2), chefrewind (2), chefhandlerusessupports (2), chefhandlerrecipe (2), cheffile (2), chefdkgenerators (2), tmppath (2), supportsmustbefloat (2), serviceresource (2), scopedfileexist (2), resourcewithnoneaction (2), resourcesetsnameproperty (2), resourcesetsinternalproperties (2), propertywithouttype (2), powershellscriptdeletefile (2), powershellfileexists (2), opensslpasswordhelpers (2), octalmodeasstring (2), notifiesactionnotsymbol (2), nodenormalunless (2), nodenormal (2), metadatamissingversion (2), metadatamissingname (2), metadatamalformeddepends (2), malformedplatformvalueforplatformhelper (2), macosuserdefaultsinvalidtype (2), lazyinresourceguard (2), lazyevalnodeattributedefaults (2), invalidversionmetadata (2), invalidplatformvalueforplatformhelper (2), invalidplatformvalueforplatformfamilyhelper (2), invalidplatformmetadata (2), invalidplatformincase (2), invalidplatformhelper (2), invalidplatformfamilyincase (2), invalidplatformfamilyhelper (2), invalidnotificationtiming (2), invalidnotificationresource (2), invaliddefaultaction (2), invalidcookbookname (2), incorrectlibraryinjection (2), emptyresourceguard (2), dnfpackageallowdowngrades (2), cookbookusesnodesave (2), conditionalrubyshellout (2), chefapplicationfatal (2), blockguardwithonlystring (2), correctness (2), v25 (2), v26 (2), optional (2), usage (2), tiered (2), airgap (2), capacity (2), planning (2), plan (2), base (2), 2025 (2), refresh (2), strategy (2), account (2), bootstrap (2), membership (2), rbac (2), rotate (2), separate (2), scale (2), frontend (2), artifactory (2), artifact (2), store (2), warm (2), spare (2), env (2), connect (2), windows_update_settings (2), windows_power_management (2), windows_password_policy (2), windows_ie_esc (2), windows_firewall (2), windows_disk_encryption (2), windows_desktop_winrm_settings (2), windows_desktop_screensaver (2), windows_defender_exclusion (2), windows_defender (2), windows_choco_installer (2), windows_automatic_logout (2), windows_app_management (2), windows_admin_control (2), rescue_account (2), macos_power_management (2), macos_password_policy (2), macos_firewall (2), macos_disk_encryption (2), macos_desktop_screensaver (2), macos_automatic_software_updates (2), macos_automatic_logout (2), macos_app_management (2), macos_admin_control (2), zero (2), touch (2), redirect (2), sso (2), opsworks (2), skills (2), guides (2), enroll (2), clis (2), san (2), best (2), practices (2), feature (2), flags (2), cli (2), architecture (2), administrator (2), incident (2), servicenow (2), marketplace (2), runs (2), scan (2), reports (2), eas (2), event (2), feed (2), teams (2), policies (2), actions (2), projects (2), lifecycle (2), feeds (2), notifications (2), cleanup (2), monitoring (2), centralize (2), large (2), report (2), ingestion (2), invalid (2), login (2), attempts (2), telemetry (2), timeout (2), disclosure (2), panel (2), banner (2), collection (2), topics (2), manager (2), bastion (2), rds (2), vpc (2), cidr (2), balancer (2), faqs (2), performance (2), benchmarks (2), view (2), bootstrapping (2), generation (2), remove (2), existing (2), efs (2), object (2), storage (2), filesystem (2), customer (2), airgapped (2), tutorial (2), shortcodes (2), front (2), matter (2), reuse (2), hugo (2), procedures (2), tables (2), headings (2), notices (2), markdown (2), linking (2), formatting (2), tools (2), house (2), contribute (2), guidelines (2), contributions (2), commercial (2), script (2), accept (2), training (2), blog (2), main (2), certain, registered, countries, appropriate, markings, contained, inclusion, imply, endorsement, affiliation, sponsorship, copyright, last, february, cookie, privacy, trademark, site, map, thank, submit, fill, field, ask, contact, stuck, help, yes, helpful, 16119, 16102, 16101, 16100, 16099, 16098, 16097, 16096, 16095, 16094, 16093, 16092, 16091, 16090, 16089, 16088, 16087, 16086, 16085, 16084, 16083, pid, bits, compression, clientdn, return, true, row, opscode_chef, way, examine, sql, queries, sslmode, line, typically, 192, 168, 100, nonlocal, 128, ipv6, 127, ipv4, peer, socket, sample, different, accepting, change, relevant, ssl_key_file, ssl_cert_file, cert, enable, editing, directories, they, filenames, ownerships, applies, whether, compiling, own, source, pre, binary, installed, gain, typical, scenario, enabling, networked, together, accessible, encrypt, traffic, instructions, encompassing, assume, some, familiarity, consult, documentation, while, plaintext, safe, untrusted, format, deployments, conform, regulations, forbid, appearance, sensitive, plain, text, however, meaningfully, read, contains, underlying, stores, thus, restricted, newer, also, minimum, restrictive, greater, via, provide, multiple, inside, designed, maintain, option, further, restrict, latest, location, limits, disk, created, defined, referenced, two, please, found, hostname, located, named, determine, stop, regenerated, periodically, important, protecting, vulnerabilities, helps, stored, being, compromised, fix, generate, produce, along, away, tell, sure, doesn, emerg, ssl_ctx_use_privatekey_file, failed, 0b080074, routines, x509_check_private_key, your_hostname, certificatesigningrequest, question, always, output, don, random, newly, symptoms, issue, look, 3rd, party, providers, verisign, usual, treatment, but, mimics, behaves, followed, fetch, verbose, purpose, sslserver, cafile, check, combined, validity, well, appear, ships, operating, web, browsers, currently, deployed, able, issued, manner, trust, follow, chain, enough, globally, known, cacerts, design, until, verifiable, added, request, sent, sslerror, ssl_connect, sslv3, errno, returned, validation, connecting, com, responds, similar, downloading, enables, verification, means, recognized, downloaded, run_action, days, 3650, run_context, block, ruby_block, crtfile, emailaddress, ssl_email_address, ssl_organizational_unit_name, ssl_company_name, ssl_locality_name, ssl_state_name, ssl_country_name, prompt, distinguished_name, genrsa, 2048, unless, shows, sets, configures, suite, configurable, starting, defaults, enhanced, defaulted, allowed, less, linux, life, protocol, suites, establish, connection, favor, forward, drop, prefix, sha, copying, reflect, desired, level, hardness, www, org, ciphers, html, note, often, effort, resolvable, lowercase, fewer, suffix, requires, longer, warning, replace, been, updated, manually, placing, obtained, save, define, description, adding, section, details, updating, covers, features, menu, search, skip,


Text of the page (random words):
single node from cluster automate config generation config verify automate ha commands node bootstrapping configuration overview ha opensearch node config ha postgresql node config disaster recovery disaster recovery on prem disaster recovery for aws deployment certificates view certificates add custom certificate during deployment self signed certificates certificate rotation performance benchmarks faqs troubleshooting reference load balancer configuration create amazon opensearch vpc and cidr setup create amazon rds sudo password iam users migrate bastion to new machine aws certificate manager reference topics configure overview data collection disclosure panel and banner session timeout telemetry invalid login attempts large compliance report ingestion chef infra configuration in chef automate chef infra external cookbooks in chef automate manage backup log management centralize logs audit logs in s3 minio migrate monitoring restore managed services package cleanup elasticsearch configure elasticsearch upgrade to opensearch opensearch configure opensearch postgresql configure postgresql upgrade external postgresql settings notifications data feeds data lifecycle node integrations node credentials projects user profile users authentication ldap saml authorization iam overview iam users guide iam actions api tokens policies roles teams users event feed applications chef eas setting up the applications dashboard applications dashboard desktop dashboard troubleshooting compliance reports scan jobs profiles nodes infrastructure client runs chef infra server integrations aws marketplace servicenow integration app incident app administrator reference reference architecture chef automate api automate cli feature flags security best practices upgrade upgrade upgrade to 3 x upgrade to 4 x update non san certificates for 4 7 52 version chef cloud chef 360 saas overview system requirements get started overview set up chef 360 saas install clis node management settings enroll nodes run courier jobs user guides create and use tokens with the chef 360 platform apis chef 360 platform system administration chef courier chef node management update skills chef saas overview get started aws opsworks migration configure sso redirect nodes chef desktop about chef desktop getting started requirements infrastructure overview install quick start guide install workstation automate server cookbook setup set up policy set up nodes zero touch deployment macos enrollment application management windows enrollment application management chef desktop cookbook reference resources all resources single page macos_admin_control macos_app_management macos_automatic_logout macos_automatic_software_updates macos_desktop_screensaver macos_disk_encryption macos_firewall macos_password_policy macos_power_management rescue_account windows_admin_control windows_app_management windows_automatic_logout windows_choco_installer windows_defender windows_defender_exclusion windows_desktop_screensaver windows_desktop_winrm_settings windows_disk_encryption windows_firewall windows_ie_esc windows_password_policy windows_power_management windows_update_settings chef habitat habitat v 2 1 habitat v 2 0 habitat v 1 6 habitat builder about habitat builder on prem builder about on prem builder install overview system requirements install builder connect your workstation to builder configure overview example builder env config file configure disaster recovery or warm spare use artifactory as a package artifact store configure builder logs scale builder frontend separate backend services manage overview minio postgresql rotate ssl certs upgrade builder origins overview create an origin origin keys origin membership and rbac packages overview bootstrap core packages update packages troubleshooting saas builder about habitat saas builder create an account builder profile origins origin packages builder api supported packages habitat package refresh strategy core base 2025 packages chef infra client chef infra client 19 chef infra client 18 chef infra server overview infra server overview services plan chef infra server prerequisites capacity planning install install chef infra server install high availability airgap tiered installation upgrades upgrade ha cluster license usage configure chef server rb settings chef infra server optional settings chef backend rb settings server firewalls and ports security manage backup and restore backend failure recovery monitor tuning log files users authentication and authorization organizations groups server users reference chef server ctl chef backend ctl chef infra server api firewalls ports chef inspec version 7 1 version 7 0 version 6 8 version 5 24 version 5 23 resource packs chef workstation workstation v26 workstation v25 cookstyle about cookstyle cookstyle cops list cops chef correctness blockguardwithonlystring chefapplicationfatal conditionalrubyshellout cookbookusesnodesave dnfpackageallowdowngrades emptyresourceguard incorrectlibraryinjection invalidcookbookname invaliddefaultaction invalidnotificationresource invalidnotificationtiming invalidplatformfamilyhelper invalidplatformfamilyincase invalidplatformhelper invalidplatformincase invalidplatformmetadata invalidplatformvalueforplatformfamilyhelper invalidplatformvalueforplatformhelper invalidversionmetadata lazyevalnodeattributedefaults lazyinresourceguard macosuserdefaultsinvalidtype malformedplatformvalueforplatformhelper metadatamalformeddepends metadatamissingname metadatamissingversion nodenormal nodenormalunless notifiesactionnotsymbol octalmodeasstring opensslpasswordhelpers powershellfileexists powershellscriptdeletefile propertywithouttype resourcesetsinternalproperties resourcesetsnameproperty resourcewithnoneaction scopedfileexist serviceresource supportsmustbefloat tmppath chef deprecations chefdkgenerators cheffile chefhandlerrecipe chefhandlerusessupports chefrewind chefshellout chefspeccoveragereport chefspeclegacyrunner chefsugarhelpers chefwindowsplatformhelper chocolateypackageuninstallaction cookbookdependsoncompatresource cookbookdependsonpartialsearch cookbookdependsonpoise cookbooksdependsonself delivery dependsonchefnginxcookbook dependsonchefreportingcookbook dependsonomnibusupdatercookbook deprecatedchefspecplatform deprecatedplatformmethods deprecatedshelloutmethods deprecatedsudoactions deprecatedwindowsversioncheck deprecatedyumrepositoryactions deprecatedyumrepositoryproperties easyinstallresource eolauditmodeusage epicfail erlcallresource executepathproperty executerelativecreateswithoutcwd foodcriticfile foodcritictesting hwrpwithoutprovides hwrpwithoutunifiedtrue includingxmlrubyrecipe includingyumdnfcompatrecipe launchddeprecatedhashproperty legacynotifysyntax legacyyumcookbookrecipes librarianchefspec localedeprecatedlcallproperty logresourcenotifications macosuserdefaultsglobalproperty namepropertywithdefaultvalue nodedeepfetch nodemethodsinsteadofattributes nodeset nodesetunless nodesetwithoutlevel partialsearchclassusage partialsearchhelperusage poisearchiveusage policyfilecommunitysource powershellcookbookhelpers requirerecipe resourceinheritsfromcompatresource resourceoverridesprovidesmethod resourceusesdslnamemethod resourceusesonlyresourcename resourceusesproviderbasemethod resourceusesupdatedmethod resourcewithoutunifiedtrue ruby27keywordargumentwarnings rubyblockcreateaction searchusespositionalparameters useautomaticresourcename useinlineresourcesdefined userdeprecatedsupportsproperty useschefresthelpers usesdeprecatedmixins usesruncommandhelper useyamldump verifypropertyusesfileexpansion windowsfeatureservermanagercmd windowspackageinstallertypestring windowstaskchangeaction windowsversionhelpers chef effortless berksfile chefvaultused cookbookusesdatabags cookbookusesenvironments cookbookusespolicygroups cookbookusesroles cookbookusessearch dependschefvault searchforenvironmentsorroles chef modernize actionmethodinresource allowedactionsfrominitialize chefgemnokogiri classevalactionclass conditionalusingtest crondfileortemplate cronmanageresource customresourcewithattributes databaghelpers declareactionclass defaultactionfrominitialize defineschefspecmatchers definitions dependsonchefvaultcookbook dependsonchocolateycookbooks dependsonkernelmodulecookbook dependsonlocalecookbook dependsonopensslcookbook dependsontimezonelwrpcookbook dependsonwindowsfirewallcookbook dependsonzyppercookbook dslincludeinresource emptyresourceinitializemethod executeaptupdate executescexe executesleep executesysctl executetzutil foodcriticcomments ifprovidesdefaultaction includingaptdefaultrecipe includingmixinshelloutinresources includingohaidefaultrecipe includingwindowsdefaultrecipe legacyberksfilesource libarchivefileresource macosxuserdefaults minitesthandlerusage nodeinitpackage noderolesinclude opensslrsakeyresource opensslx509resource osxconfigprofileresource powershellguardinterpreter powershellinstallpackage powershellinstallwindowsfeature powershellscriptexpandarchive propertywithnameattribute providesfrominitialize resourceforcingcompiletime resourcenamefrominitialize respondtocompiletime respondtoinmetadata respondtoprovides respondtoresourcename setorreturninresources sevenziparchiveresource shellouthelper shellouttochocolatey simplifyaptppasetup sysctlparamresource unnecessarydependschef14 unnecessarydependschef15 unnecessarymixlibshelloutrequire usebuildessentialresource usecheflanguagecloudhelpers usecheflanguageenvhelpers usecheflanguagesystemdhelper usemultipackageinstalls userequirerelative useszypperrepo whyrunsupportedtrue windowsregistryuac windowsscresource windowszipfileusage zipfileresource chef redundantcode aptrepositorydistributiondefault aptrepositorynotifiesaptupdate attributemetadata conflictsmetadata customresourcewithallowedactions doublecompiletime groupingmetadata longdescriptionmetadata multipleplatformchecks namepropertyisrequired ohaiattributetostring propertysplatregex propertywithrequiredanddefault providesmetadata recipemetadata replacesmetadata resourcewithnothingaction sensitivepropertyinresource stringpropertywithnildefault suggestsmetadata unnecessarydesiredstate unnecessarynameproperty usecreateifmissing chef ruby gemspeclicense gemspecrequirerubygems legacypowershelloutmethods requirenethttps unlessdefinedrequire chef security sshprivatekey chef sharing defaultmetadatamaintainer emptymetadatafield includepropertydescriptions includeresourcedescriptions includeresourceexamples insecurecookbookurl invalidlicensestring chef style attributekeys chefwhaaat commentformat commentsentencespacing copyrightcommentformat defaultcopyrightcomments filemode immediatenotificationtiming includerecipewithparentheses negatingonlyif overlycomplexsupportsdependsmetadata simplifyplatformmajorversioncheck trueclassfalseclassresourceproperties unnecessaryoscheck unnecessaryplatformcasestatement useplatformhelpers inspec deprecations attributedefault attributehelper effortless pattern effortless overview quick start effortless audit effortless config variables and config what is scaffolding supermarket about supermarket share cookbooks private supermarket about private supermarket install configure backup and restore monitor log files upgrades reference supermarket ctl supermarket api release notes chef 360 platform chef automate chef backend chef download apis chef habitat chef infra client chef infra server chef inspec chef local license service chef manage chef migrate chef supermarket chef workstation chef compliance chef compliance audit profiles chef compliance remediation chef cloud resource packs aws cloud resources azure cloud resources legacy chef manage about the management console uninstall manage rb chef manage ctl active directory ldap configure saml clients cookbooks data bags environments nodes roles organizations groups users uninstall available on github downloads send feedback support security table of contents this guide covers the security features available in chef infra server ssl certificates initial configuration of the chef infra server is done automatically using a self signed certificate to create the certificate and private key files for nginx this section details the process for updating a chef infra server s ssl certificate automatic installation recommended the chef infra server can be configured to use ssl certificates by adding the following settings to the server configuration file setting description nginx ssl_certificate the ssl certificate used to verify communication over https nginx ssl_certificate_key the certificate key used for ssl communication and then setting their values to define the paths to the certificate and key for example nginx ssl_certificate etc pki tls certs your host crt nginx ssl_certificate_key etc pki tls private your host key save the file and then run the following command sudo chef server ctl reconfigure for more information about the server configuration file see chef server rb manual installation ssl certificates can be updated manually by placing the certificate and private key file obtained from the certifying authority in the correct files after the initial configuration of chef infra server the locations of the certificate and private key files are var opt opscode nginx ca fqdn crt var opt opscode nginx ca fqdn key because the fqdn has already been configured do the following replace the contents of var opt opscode nginx ca fqdn crt and var opt opscode nginx ca fqdn key with the certifying authority s files reconfigure the chef infra server chef server ctl reconfigure restart the nginx service to load the new key and certificate chef server ctl restart nginx warning the fqdn for the chef infra server should be resolvable lowercase and have fewer than 64 characters including the domain suffix when using openssl as openssl requires the cn in a certificate to be no longer than 64 characters ssl protocols the following settings are often modified from the default as part of the tuning effort for the nginx service and to configure the chef infra server to use ssl certificates note see https www openssl org docs man1 0 2 man1 ciphers html for more information about the values used with the nginx ssl_ciphers and nginx ssl_protocols settings after copying ssl certificate files to the chef infra server update the nginx ssl_certificate and nginx ssl_certificate_key settings to specify the paths to those files and then optionally update the nginx ssl_ciphers and nginx ssl_protocols settings to reflect the desired level of hardness for the chef infra server for example nginx ssl_certificate etc pki tls private name of pem nginx ssl_certificate_key etc pki tls private name of key nginx ssl_ciphers high medium low kedh anull adh enull exp sslv2 seed camellia psk nginx ssl_protocols tlsv1 2 nginx ssl_certificate the ssl certificate used to verify communication over https default value nil nginx ssl_certificate_key the certificate key used for ssl communication defa...
Images from subpage: "docs.chef.io/community/style/reuse/" Verify
Images from subpage: "docs.chef.io/community/style/front_matter/" Verify
Images from subpage: "docs.chef.io/community/style/shortcodes/" Verify
Images from subpage: "docs.chef.io/360/1.7/" Verify
Images from subpage: "docs.chef.io/360/1.6/" Verify

The site also has references to the 2 subdomain(s)

  chef.io  Verify   community.chef.io  Verify


The site also has 1 references to external domain(s).

 github.com  Verify


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 301
cache-status Netlify Edge ; fwd=miss
content-type text/html
date Fri, 03 Jul 2026 22:42:27 GMT
location /server/server_security/
server Netlify
strict-transport-security max-age=31536000
x-nf-request-id 01KWN2BHYZYJSWYJ7FX5DQQE9K
content-length 98
HTTP/2 200
accept-ranges bytes
age 27000
cache-control public,max-age=0,must-revalidate
cache-status Netlify Edge ; hit
content-encoding gzip
content-type text/html; charset=UTF-8
date Fri, 03 Jul 2026 22:42:27 GMT
etag 40487978d188cf591e6f7701ed24483d-ssl-df
permissions-policy vibrate=(), geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
referrer-policy no-referrer-when-downgrade
server Netlify
strict-transport-security max-age=2592000
vary Accept-Encoding
x-content-type-options nosniff
x-frame-options DENY
x-nf-request-id 01KWN2BJ95FYG33REVEPWTZPNJ
x-xss-protection X-XSS-Protection: 1
content-length 32087

Meta Tags

title="Security"
charset="utf-8"
name="description" content="This guide covers the security features available in Chef Infra Server. SSL Certificates Initial configuration of the Chef Infra Server is done automatically using a self-signed certificate to create the certificate and private key files for Nginx. This section details the process for updating a Chef Infra Server’s SSL certificate."
http-equiv="x-ua-compatible" content="ie=edge"
name="viewport" content="width=device-width,initial-scale=1"
name="robots" content
class="swiftype" name="chef-product" data-type="string" content="server"
name="hugo_env" content="production"

Load Info

page size32087
load time (s)0.545234
redirect count1
speed download58875
server IP 15.197.167.90
* all occurrences of the string "http://" have been changed to "htt???/"