Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


cacert (6) Versions 0.3.1

Installs/Configures cacert

cookbook 'cacert', '= 0.3.1', :supermarket
cookbook 'cacert', '= 0.3.1'
knife supermarket install cacert
knife supermarket download cacert
Quality 0%

cacert Cookbook

This cookbook provides LWRP to install certificate authorities and set the needed hash-symlinks.


You can specify the default path were the ssl certificates and symlinks are stored using an attribute

node['cacert']['cert_dir'] # defaults to '/etc/ssl/certs'



The default recipe will install CA certificates defined in the certs attributes of the node.


  "cacert": {
    "certs": {
      "": {
        "source": "",
        "cert_dir": "/etc/ssl/certs",
        "hash": "492ffc07"

This recipe installs the root certificate

It automatically sets the correct symlinks on broken systems (like Debian Squeeze), see this gist:


To use the providers, add the following to your metadata.rb

depends 'cacert'


Installs a certificate from a given URL, and calls cacert_hash to create the necessary symlinks.
The following example installs the root certificate to /etc/ssl/certs/

NOTE On Debian Squeeze (and potentially on other systems), openssl generates the wrong hash. As a workaround, you can specify the hash manually, see the "hash" attribute below.

cacert '' do
  cert     ''                        # name attribute
  source   '' # required
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']
  action   :create                                 # default :create

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  hash     '99d0fa06' # correct hash for cacerts root certificate

  # Also, a sha256 checksum is supported.
  # If the checksum doesn't match, the certificate won't be installed.
  checksum 'c0e0773a79dceb622ef6410577c19c1e177fb2eb9c623a49340de3c9f1de2560'


You can use the cacert_hash provider by its own, too

cacert_hash '' do
  cert     ''                        # name attribute
  cert_dir '/etc/ssl/certs'                        # defaults to node['cacert']['cert_dir']

  # You can specify the hash for the symlink manually.
  # Ff not given, this will be generated using openssl x509 -hash
  hash     '99d0fa06' # correct hash for cacerts root certificate



  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Authors

Author: Chris Aumann
Contributors: Fran├žois Lamboley

License: GPLv3

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

CHANGELOG for cacert

This file is used to list changes made in each version of cacert.


  • Add support for checksums


  • Check whether hashes match when it's provided
  • Do not use https when fetching certificates
  • recipe now also installs class 3 PKI


  • Add default recipe, that installs certificates according to attributes


  • Initial release of cacert

Foodcritic Metric

0.3.1 failed this metric

FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:22
FC002: Avoid string interpolation where not required: /tmp/cook/83f1b7d3e6df599931162c5b/cacert/providers/default.rb:25