Fail to bind a self signed SSL certificate

Hi,

I’m having problems with binding a self-signed SSL certificate to an IIS Web site. This is my environment:

Tentacle Agent information:
| - Machine name: APHDEVCOMMON
| - Is 64-bit: True
| - Service user name: SYSTEM
| - CLR version: 4.0.30319.17929
| - Current directory: C:\Windows\system32
| - OS version: Microsoft Windows NT 6.1.7601 Service Pack 1
| - Tentacle version: 2.1.3.1223

I get the following error:

Script: C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1
23:04:09 Info | Finding SSL certificate with thumbprint 88801b4cb8b29a3c6bfe78713feb1c82d0103f96
23:04:09 Info | Found certificate: CN=ApHDevCommon CN=ApHDevCommon
23:04:09 Info | Bindings Path: IIS:\SslBindings*!443
23:04:10 Error | Set-Item : Unexpected object type.
23:04:10 Error | Parameter name: value
23:04:10 Error | At C:\Program Files\Octopus
23:04:10 Error | Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1:69
23:04:10 Error | char:9
23:04:10 Error | + Set-Item $sslBindingsPath -Value $certificate | Out-Null
23:04:10 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23:04:10 Error | + CategoryInfo : InvalidData: (:) [Set-Item], ArgumentException
23:04:10 Error | + FullyQualifiedErrorId : value,Microsoft.PowerShell.Commands.SetItemComma
23:04:10 Error | nd

I’ve seen others having problems with this, and for one there was a problem of the certificate showing up in two different stores. But my certificate only shows up once if I run this code through the Tentacle Powershell script console.

$sslCertificateThumbprint = "88801b4cb8b29a3c6bfe78713feb1c82d0103f96"

# Search every LocalMachine store for the thumbprint; only keep entries that have a private key
$certificate = Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object { $_.Thumbprint -eq $sslCertificateThumbprint -and $_.HasPrivateKey -eq $true }

Write-Host ($certificate)

Could it be something with self-signed certificates not working, or is it because my certificate only has a CN with the computer name (AphDevCommon), not a fully qualified domain name (AphDevCommon.mydomain.com)?

Brgds

Jonas

Hi,

When you specified the HTTPS binding, what does the IP Address field look like? If you’ve used “*” (which we set as the default), you may need to change this to an empty string or an actual IP address.

Paul

Hi,

I used the default “*” for IP address but will try with blank or a specific address.

Brgds

Jonas

Hi again,

I’ve tried both with a blank IP address and with a specific address; neither worked. See below for logs.

Brgds

Jonas

With blank IP address:

8:18:14 Verbose | Script: C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1
08:18:22 Info | Finding SSL certificate with thumbprint 88801b4cb8b29a3c6bfe78713feb1c82d0103f96
08:18:22 Info | Found certificate: CN=ApHDevCommon CN=ApHDevCommon
08:18:23 Error | Set-Item : Unexpected object type.
08:18:23 Error | Parameter name: value
08:18:23 Error | At C:\Program Files\Octopus
08:18:23 Error | Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1:69
08:18:23 Error | char:9
08:18:23 Error | + Set-Item $sslBindingsPath -Value $certificate | Out-Null
08:18:23 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
08:18:23 Error | + CategoryInfo : InvalidData: (:) [Set-Item], ArgumentException
08:18:23 Error | + FullyQualifiedErrorId : value,Microsoft.PowerShell.Commands.SetItemComma
08:18:23 Error | nd
08:18:23 Fatal | Script ‘C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1’ returned non-zero exit code: 1. Deployment

With specific IP address:

08:28:36 Verbose | Script: C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1
08:28:43 Info | Finding SSL certificate with thumbprint 88801b4cb8b29a3c6bfe78713feb1c82d0103f96
08:28:44 Info | Found certificate: CN=ApHDevCommon CN=ApHDevCommon
08:28:45 Error | new-Item : Failed to create SSL binding. Error code 1312.
08:28:45 Error | At C:\Program Files\Octopus
08:28:45 Error | Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1:67
08:28:45 Error | char:9
08:28:45 Error | + new-Item $sslBindingsPath -Value $certificate | Out-Null
08:28:45 Error | + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
08:28:45 Error | + CategoryInfo : InvalidData: (:) [New-Item], ProviderException
08:28:45 Error | + FullyQualifiedErrorId : Failed to create SSL binding. Error code 1312.,M
08:28:45 Error | icrosoft.PowerShell.Commands.NewItemCommand
08:28:45 Fatal | Script ‘C:\Program Files\Octopus Deploy\Tentacle\Scripts\Octopus.Features.IISWebSite_BeforePostDeploy.ps1’ returned non-zero exit code: 1. Deployment terminated.

Thanks Jonas, I’ve created an issue and will investigate this bug and fix it in the next release:

Paul

Hi Jonas,

Just looked at the error again; it looks like it is finding two certificates with the same thumbprint which causes the failure. This is a known bug that we fixed recently. Can you upgrade to this release?

Paul
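
A diagnostic for the duplicate-thumbprint case described in the reply above, as an added example that is not part of the thread or of the Octopus Tentacle scripts. It lists every LocalMachine store that holds the certificate and returns a single object suitable for `-Value`; the helper name `Get-BindableCertificate` and the choice to prefer the copy in the `My` store are assumptions.

```powershell
# Added example: hypothetical helper, not Octopus Deploy code.
function Get-BindableCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint
    )

    # Thumbprints pasted from the certificate UI often carry stray whitespace.
    $wanted = $Thumbprint -replace '\s', ''

    # Same search as in the thread: all LocalMachine stores, private key required.
    # @() forces an array so one match and several matches are handled alike.
    $found = @(Get-ChildItem Cert:\LocalMachine -Recurse |
        Where-Object { $_.Thumbprint -eq $wanted -and $_.HasPrivateKey })

    if ($found.Count -eq 0) {
        throw "No certificate with thumbprint $wanted and a private key under Cert:\LocalMachine"
    }

    # Report each store holding a copy; the last segment of PSParentPath is the store name.
    foreach ($c in $found) {
        $store = ($c.PSParentPath -split '\\')[-1]
        Write-Host ("Match in store '{0}': {1}" -f $store, $c.Subject)
    }

    # A binding takes one certificate object, not an array of them.
    # Assumption: the copy in the Personal (My) store is the one to bind.
    $personal = @($found | Where-Object { ($_.PSParentPath -split '\\')[-1] -eq 'My' })
    if ($personal.Count -ne 1) {
        throw "Expected exactly one match in LocalMachine\My, found $($personal.Count)"
    }
    return $personal[0]
}

# Thumbprint taken from the logs in this thread.
$certificate = Get-BindableCertificate -Thumbprint '88801b4cb8b29a3c6bfe78713feb1c82d0103f96'
Write-Host ("Selected object type: {0}" -f $certificate.GetType().FullName)
```

If more than one "Match in store" line is printed, the unfiltered search returns an array rather than a single certificate.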

Hi,

I notice that 2.3.1 is a pre-release which could perhaps bring with it some other problems. Is it possible to update just a tentacle to 2.3.1 to test if it solves the problem or do I have to update my server as well?

Brgds

Jonas

Hi Jonas,

Yes, you can just update the Tentacle without updating Octopus.

Paul